10 SQL Injection Attack on Database System

Mohit Kumar

NSUT East Campus (formerly Ambedkar Institute of Advanced Communication Technologies and Research), Delhi, India

Abstract

In recent years, database security has become essential for defending against a range of attacks. This chapter walks through a practical implementation of the SQL injection attack against a MySQL database server, showing how an attacker can compromise database security by embedding SQL injection statements in normal SQL queries. It also discusses detection and prevention mechanisms for SQL injection and how to protect a database from this type of attack, and it gives a better understanding of SQL injection statements.

Keywords: SQL injection, SQL injection vulnerability

10.1 Introduction

SQL injection is a type of attack in which an attacker exploits a web security vulnerability through the SQL queries that an application makes to its database. It can allow the attacker to view data without authorization, such as users’ data or any data that the application itself is able to access. The attacker can also modify and delete data in the database. A successful SQL injection attack can lead to the following [2, 6]:

  • Unauthorized access to sensitive data.
  • Backdoor entry into the database system.
  • Modification and deletion of sensitive data.
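
The following is an added example, not code from the chapter: it shows why a query built by string concatenation lets input change what the database returns, and how a parameterized query keeps the same input as plain data. It assumes an in-memory SQLite database as a stand-in for the MySQL server the chapter uses; the `products` table, its rows, the function names and the sample input are all constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; in-memory SQLite stands in for the MySQL server.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, category TEXT, released INTEGER)")
    db.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [("Mug", "Gifts", 1), ("Card", "Gifts", 1),
         ("Prototype", "Gifts", 0), ("Router", "Tech", 0)],
    )
    return db

def list_vulnerable(db, category):
    # Input is spliced into the SQL text, so it can alter the query structure.
    sql = ("SELECT name FROM products WHERE category = '" + category +
           "' AND released = 1")
    return [row[0] for row in db.execute(sql)]

def list_parameterized(db, category):
    # Input is bound as a value; the query structure is fixed before it arrives.
    sql = "SELECT name FROM products WHERE category = ? AND released = 1"
    return [row[0] for row in db.execute(sql, (category,))]

def looks_tampered(category):
    # Coarse heuristic for logging and alerting (hypothetical helper): a category
    # name is not expected to contain quote, comment or statement tokens.
    # It complements parameter binding and does not replace it.
    return any(tok in category for tok in ("'", '"', "--", "/*", ";"))

if __name__ == "__main__":
    db = make_db()
    crafted = "Gifts'--"  # constructed input: closes the string, comments out the filter
    for label, value in (("normal", "Gifts"), ("crafted", crafted)):
        print(label,
              "| vulnerable:", list_vulnerable(db, value),
              "| parameterized:", list_parameterized(db, value),
              "| flagged:", looks_tampered(value))
```

With the crafted input, the concatenated query drops its `released = 1` filter and returns the unreleased row, while the parameterized query simply finds no category with that literal name.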

Examples of SQL injection attacks

  • Retrieving hidden data
  • UNION attacks ...
