🎩SQL Injection

This is one of the most popular techniques for attacking backend systems. With this technique, an attacker can inject SQL script into the code.

Example


How to Protect

  1. Input validation for requests

  2. Use an ORM; the library will handle this protection

  3. Use a prepared statement for raw SQL queries -> select * from username where username = $1

With this strategy, the library creates the SQL statement and validates the argument.
