Antipattern: Execute Unverified Input As Code

SQL injection happens when you interpolate some content into an SQL query string and the content modifies the syntax of your query in ways you didn’t intend. In the classic example of SQL injection, the value you interpolate into your string finishes the SQL statement and executes a second complete statement. For instance, if the value of bugid is 1234; DELETE FROM Bugs, the resulting SQL shown earlier would look like this:

    SELECT * FROM Bugs WHERE bug_id = 1234; DELETE FROM Bugs

This type of SQL injection can be spectacular (cartoon by Randall Munroe,[31] used with permission).
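The following is an added example, not code from the book, that reproduces the scenario above against a constructed in-memory SQLite table named Bugs (two sample rows, made up here). The vulnerable function interpolates the input into the statement text exactly as described; the parameterized version sends the value separately from the SQL, so the same input cannot end the statement and start a second one. Note that Python's `execute()` refuses a string containing two statements, which is a driver quirk, not a defense, so the example uses `executescript()` to show what a driver that accepts stacked statements would do.

```python
import sqlite3


def make_db():
    """Build a constructed sample database (not the book's data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Bugs (bug_id INTEGER PRIMARY KEY, summary TEXT)")
    conn.executemany(
        "INSERT INTO Bugs VALUES (?, ?)",
        [(1234, "crash on save"), (1235, "typo in menu")],
    )
    conn.commit()
    return conn


def count_bugs(conn):
    return conn.execute("SELECT COUNT(*) FROM Bugs").fetchone()[0]


def vulnerable_query(bug_id_text):
    # Antipattern: unverified input becomes part of the SQL syntax.
    return f"SELECT * FROM Bugs WHERE bug_id = {bug_id_text}"


def run_vulnerable(conn, bug_id_text):
    # executescript() runs every statement in the string, so an input of
    # "1234; DELETE FROM Bugs" executes the injected DELETE as well.
    conn.executescript(vulnerable_query(bug_id_text))
    return count_bugs(conn)


def run_parameterized(conn, bug_id_value):
    # Parameter binding: the value never touches the statement text, so
    # "1234; DELETE FROM Bugs" is compared as a literal and matches nothing.
    return conn.execute(
        "SELECT * FROM Bugs WHERE bug_id = ?", (bug_id_value,)
    ).fetchall()


def run_validated(conn, bug_id_text):
    # Belt and braces: reject input that is not an integer before binding.
    try:
        bug_id = int(bug_id_text)
    except ValueError:
        return None
    return run_parameterized(conn, bug_id)


if __name__ == "__main__":
    payload = "1234; DELETE FROM Bugs"
    db = make_db()
    print(vulnerable_query(payload))
    print("rows left after vulnerable query:", run_vulnerable(db, payload))
    db = make_db()
    print("parameterized result:", run_parameterized(db, payload))
    print("rows left after parameterized query:", count_bugs(db))
    print("validated result:", run_validated(db, payload))
```

Running it prints the book's combined statement, shows the table emptied by the interpolated version, and shows the table intact with an empty result set for the parameterized and validated versions.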

Usually these flaws are more subtle, but still dangerous. ...
