© Peter A. Carter 2018
Peter A. Carter, Securing SQL Server, https://doi.org/10.1007/978-1-4842-4161-5_10

10. SQL Injection

Peter A. Carter, London, UK

SQL injection is a form of attack in which the attacker attempts to enter T-SQL statements into application fields where standard user input is expected. This results in the application building valid, but unintended, harmful statements that could cause serious damage to the SQL Server environment and potentially even allow the attacker to target the wider network. All RDBMSs (Relational Database Management Systems) are vulnerable to SQL injection attacks because of the very nature of the SQL language, but steps can be taken to mitigate the risks.

In this chapter, after building a vulnerable environment, ...
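
The statement-building problem described in the introduction, as an added T-SQL example that is not taken from the book: the temporary table, its rows, and the input value are constructed, and all object names are hypothetical. It contrasts concatenating input into the statement text with passing the same input as a typed parameter through `sp_executesql`, one common mitigation.

```sql
-- Constructed demo data in a session-scoped temp table (hypothetical names).
CREATE TABLE #Customers
(
    CustomerID int          NOT NULL,
    LastName   nvarchar(50) NOT NULL
);

INSERT INTO #Customers (CustomerID, LastName)
VALUES (1, N'Smith'), (2, N'Jones'), (3, N'Patel');

-- Constructed value standing in for what arrives from an application field.
-- The doubled quotes are T-SQL escaping; the value itself is:  ' OR 1=1 --
DECLARE @input nvarchar(100) = N''' OR 1=1 --';

-- BEFORE (vulnerable): the input is spliced into the statement text,
-- so it is parsed as T-SQL rather than treated as a value.
DECLARE @sql nvarchar(max) =
      N'SELECT CustomerID, LastName FROM #Customers WHERE LastName = '''
    + @input
    + N'''';

-- Inspect the text that will actually be compiled. The quote in the input
-- closes the string literal early, OR 1=1 becomes part of the predicate,
-- and -- comments out the application's own closing quote.
PRINT @sql;
EXEC (@sql);

-- AFTER (parameterized): the statement text is a constant and the input
-- travels separately as a typed parameter. It is only ever compared with
-- LastName as a literal value and cannot change the statement's structure.
EXEC sys.sp_executesql
    N'SELECT CustomerID, LastName FROM #Customers WHERE LastName = @LastName',
    N'@LastName nvarchar(50)',
    @LastName = @input;

DROP TABLE #Customers;
```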
