Information Security
Gene Hagmt, 2019-07-10 11:48:53

What is the problem with SQL Injection?

I have read this article and there is a lot of focus on SQL Injection. But it is not clear to me why there are so many problems from injections, if the PHP (PDO) documentation says:

If the application uses exclusively prepared queries, the developer can be sure that no SQL injections can happen.
Or, for example, Insufficient Authentication... if I understand correctly, this problem is relevant if you have not protected any pages with the need for authentication. But who does that anyway?

4 answer(s)
Sergey Gornostaev, 2019-07-10
@g_hagmt

An unpleasantly large number of stupid and negligent people are engaged in development. Only greedy and incompetent customers outnumber them. Even in serious medical and banking systems, mistakes can be found that are monstrous in their simplicity and at the same time dangerous. And in web development everything is much worse: according to optimistic estimates, 99% of sites are made on the principle of "it will do".

Anton Shamanov, 2019-07-10
@SilenceOfWinter

You didn't read enough about injections; they come with a double bottom:
Name : ' + (SELECT TOP 1 password FROM users ) + '
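
Added example (not part of any answer in this thread): the PDO guarantee quoted in the question holds only when every query is prepared, including queries that reuse values already stored in the database. The sketch uses Python's `sqlite3` in place of PDO; the table names, function names, sample data and the SQLite-syntax form of the payload are all constructed assumptions.

```python
import sqlite3

# Constructed value: the answer's payload adapted to SQLite syntax (|| and LIMIT).
PAYLOAD = "' || (SELECT password FROM users ORDER BY id LIMIT 1) || '"
ADMIN_PASSWORD = "constructed-admin-secret"  # constructed sample data

def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT);"
        "CREATE TABLE greetings (user_id INTEGER, text TEXT);"
    )
    db.execute("INSERT INTO users (name, password) VALUES (?, ?)",
               ("admin", ADMIN_PASSWORD))
    return db

def register(db, name):
    # Parameterized: the value is bound as data, so the payload is stored inertly.
    cur = db.execute("INSERT INTO users (name, password) VALUES (?, ?)",
                     (name, "constructed-user-pw"))
    return cur.lastrowid

def stored_name(db, user_id):
    return db.execute("SELECT name FROM users WHERE id = ?", (user_id,)).fetchone()[0]

def last_greeting(db, user_id):
    return db.execute("SELECT text FROM greetings WHERE user_id = ? "
                      "ORDER BY rowid DESC LIMIT 1", (user_id,)).fetchone()[0]

def greet_concat(db, user_id):
    # Vulnerable: a value read back from the database is treated as trusted
    # and spliced into SQL text, so the stored payload is parsed as SQL here.
    name = stored_name(db, user_id)
    db.execute(f"INSERT INTO greetings (user_id, text) VALUES ({int(user_id)}, 'Hello {name}')")
    return last_greeting(db, user_id)

def greet_prepared(db, user_id):
    # Hardened: same statement with the name bound as a parameter.
    name = stored_name(db, user_id)
    db.execute("INSERT INTO greetings (user_id, text) VALUES (?, 'Hello ' || ?)",
               (user_id, name))
    return last_greeting(db, user_id)

if __name__ == "__main__":
    db = make_db()
    uid = register(db, PAYLOAD)
    print("concatenated:", greet_concat(db, uid))
    print("prepared:    ", greet_prepared(db, uid))
```

The registration step is safe in both runs; only the later concatenated statement turns the stored name into SQL, which is why a single unprepared query is enough to void the guarantee.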

Arman, 2019-07-10
@Arik

SQL injections allow you to execute your own set of SQL queries, and this can be either deleting everything (and it's good if there is a fresh backup) or changing data (give someone admin rights, add an extra million to your account, etc.). This needs to be dealt with at the time of the requests, and it is not so difficult.

maclien10, 2019-12-06
@maclien10

Hello) I advise you to read the article describing the essence of SQL-injection)
Explanation of sql-injection
