SQL Injection - Lakelands Computing

SQL Injection Attacks
SQL (pronounced "sequel" (see-kwil)) is short for Structured Query Language. It is a standard language used to search (query) and change the content of databases. Click to start to learn SQL.

A lot of the shopping sites on the internet use it, as it allows them to use their product, pricing and customer databases to feed data to their website. For example, they can use the information in the database to show the different products automatically.

Usually these sites have forms you fill in to say what you are looking for, or buying. An SQL injection attack puts (injects) code into these forms. This code causes the database to do something: often to reveal information on its customers, including credit card data, or to delete data, or change data. Watch the video for more on this.

These attacks can be avoided by 2 methods:

  • Don't allow the code to be entered in the first place (called Validation; for example, on size you might only allow "L", "M", "S", "XS")
  • Encrypt the data so even if it is retrieved it makes no sense to the criminal and has no value.
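
The validation idea from the first bullet, as an added example that is not part of the original page: a shop search that pastes the form text straight into the SQL, next to one that only accepts the sizes "L", "M", "S", "XS". The `products` table, its sample rows and the function names are made up for illustration, and the validated version goes one step beyond the page by also passing the value to the database as a parameter (`?`) instead of building the query from text.

```python
import sqlite3

# Allow-list from the page's example: the only sizes the form may submit.
ALLOWED_SIZES = {"L", "M", "S", "XS"}

def make_shop_db():
    """Build a small in-memory product table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, size TEXT, price REAL)")
    db.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [("T-shirt", "M", 9.99), ("T-shirt", "L", 9.99), ("Hoodie", "XS", 24.50)],
    )
    return db

def search_unsafe(db, size):
    """Form text is pasted straight into the SQL, so it can rewrite the query."""
    sql = "SELECT name, size FROM products WHERE size = '" + size + "'"
    return db.execute(sql).fetchall()

def search_validated(db, size):
    """Validation: refuse anything that is not one of the allowed sizes."""
    if size not in ALLOWED_SIZES:
        raise ValueError("size must be one of L, M, S, XS")
    # The value is also passed as a parameter (?), so the database treats it
    # as data and never as part of the SQL text.
    return db.execute(
        "SELECT name, size FROM products WHERE size = ?", (size,)
    ).fetchall()

def is_rejected(db, size):
    """Return True if validation refuses the given form input."""
    try:
        search_validated(db, size)
        return False
    except ValueError:
        return True

if __name__ == "__main__":
    db = make_shop_db()
    injected = "M' OR '1'='1"            # constructed form input containing SQL
    print(search_unsafe(db, "M"))        # only the size M product
    print(search_unsafe(db, injected))   # every product: the query was rewritten
    print(is_rejected(db, injected))     # validation refuses the same input
    print(search_validated(db, "M"))     # a normal search still works
```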


What is SQL Injection?
All Text copyright Lakelands Academy & Mr T Purslow 2020.
All images copyright free / creative commons unless otherwise stated.
You are welcome to use under a Creative Commons Attribution-nonCommercial-ShareAlike License.