August 2018
Intermediate to advanced
404 pages
10h 22m
English
SQLi occurs when the input is not validated and sanitized before it is used to form a query for the database. Let's imagine that the server-side code (in PHP) in the application composes the query as follows:
$query = "SELECT * FROM users WHERE id='".$_GET['id']. "'";
This means that the data sent in the id parameter will be integrated as is in the query. If we replace the parameter reference with its value, we have this:
$query = "SELECT * FROM users WHERE id='"."1". "'";
So, when we send a malicious input like we did, the line of code is read by the PHP interpreter as follows:
$query = "SELECT * FROM users WHERE id='"."' or '1'='1"."'";
And the resulting SQL sentence will look like:
$query = "SELECT * FROM users WHERE ...
Read now
Unlock full access