SQL Antipatterns, Volume 1

by Bill Karwin
October 2022
Content level: Intermediate to advanced
380 pages
9h 35m
English
Pragmatic Bookshelf
Content preview from SQL Antipatterns, Volume 1

Antipattern: Execute Unverified Input As Code

SQL injection happens when you interpolate some content into an SQL query string and the content modifies the syntax of your query in ways you didn’t intend. In the classic example of SQL injection, the value you interpolate into your string finishes the SQL statement and executes a second complete statement. For instance, if the value of bugid is 1234; DELETE FROM Bugs, the resulting SQL shown earlier would look like this:

    SELECT * FROM Bugs WHERE bug_id = 1234; DELETE FROM Bugs
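A concrete illustration of the interpolation described above, added here as an example that is not from the book: the unsafe builder reproduces the injected statement, while the parameterized version binds the same input as a plain value that the SQL parser never sees. The Bugs schema and sample rows are constructed for the demo and are not the book's.

```python
import sqlite3

# Constructed sample value: the exact input the book uses to illustrate the injection.
INJECTED_BUG_ID = "1234; DELETE FROM Bugs"


def build_query_unsafe(bug_id: str) -> str:
    """Antipattern: the input is spliced into the SQL text, so a value that
    contains SQL syntax changes the statement instead of being compared to it."""
    return f"SELECT * FROM Bugs WHERE bug_id = {bug_id}"


def make_demo_connection() -> sqlite3.Connection:
    """In-memory database with a constructed Bugs table (demo schema, not the book's)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Bugs (bug_id INTEGER PRIMARY KEY, summary TEXT)")
    conn.executemany(
        "INSERT INTO Bugs (bug_id, summary) VALUES (?, ?)",
        [(1234, "crash on save"), (1235, "typo in label")],
    )
    return conn


def fetch_bug_safe(conn: sqlite3.Connection, bug_id) -> list:
    """Fix: bind bug_id as a query parameter. The driver passes it to the
    engine as a value, so even text containing a semicolon and a second
    statement is only compared against the column, never parsed as SQL."""
    return conn.execute(
        "SELECT * FROM Bugs WHERE bug_id = ?", (bug_id,)
    ).fetchall()


def count_bugs(conn: sqlite3.Connection) -> int:
    """Row count, used to confirm the table is untouched after the lookup."""
    return conn.execute("SELECT COUNT(*) FROM Bugs").fetchone()[0]


if __name__ == "__main__":
    print(build_query_unsafe(INJECTED_BUG_ID))   # the injected statement from the book
    conn = make_demo_connection()
    print(fetch_bug_safe(conn, INJECTED_BUG_ID))  # [] : treated as a non-matching value
    print(fetch_bug_safe(conn, 1234))             # [(1234, 'crash on save')]
    print(count_bugs(conn))                       # 2 : nothing was deleted
```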

This type of SQL injection can be spectacular (cartoon by Randall Munroe,[31] used with permission).

Usually these flaws are more subtle, but still dangerous.

Accidents May Happen ...


ISBN: 9798888650011