SQL Injection Attacks
SQL (pronounced sequel (see-kwil)) is short for Structured Query Language. It is a standard language used to search (query) and change the content of databases.
A lot of the shopping sites on the internet use it because it allows them to use their product, pricing and customer databases to feed data to their website. For example, they can use the information in the database to show the different products automatically.
Usually these sites have forms you fill in to say what you are looking for or buying. An SQL injection attack puts (injects) code into these forms. This code causes the database to do something: often to reveal information about its customers, including credit card data, or to delete or change data. Watch the video for more on this.
These attacks can be avoided by 2 methods:
- Don't allow the code to be entered in the first place (called validation; for example, for a size you might only allow "L", "M", "S", "XS")
- Encrypt the data so even if it is retrieved it makes no sense to the criminal and has no value.
What is SQL Injection?