Chapter 16. SQL Injection

In Chapter 3, and in other chapters of this book, we have discussed that any time user input is trusted and mixed with code, there is a security risk. SQL injection follows the same principle. Essentially, the attacker’s goal is to provide specially crafted data to an application that uses a database, in order to alter the behavior of the SQL commands the application intends to run. SQL injection bugs occur any time the attacker is able to manipulate an application’s ...

Get Hunting Security Bugs now with the O’Reilly learning platform.
