Cyber Security Academy · Lesson

SQL Injection Defense

Prevent injection attacks.

What Is SQL Injection

SQL injection (SQLi) happens when untrusted user input is concatenated directly into a SQL query. The attacker smuggles SQL syntax into a field that the application expects to be plain data, changing the meaning of the query.

It remains one of the most damaging web vulnerabilities because it can leak entire databases, bypass logins, or destroy data.

A Vulnerable Query

The classic mistake is string concatenation. If the input is a plain name such as "tom", the query behaves as intended, but a crafted input that contains SQL syntax rewrites the query's logic.

  • The single quote closes the string early.
  • Everything after it becomes executable SQL.

  query = "SELECT * FROM users WHERE name = '" + userInput + "'";
  // userInput = tom' OR '1'='1
  // becomes: SELECT * FROM users WHERE name = 'tom' OR '1'='1'
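As an added example (not the lesson's own code), here is the same lookup in Python against an in-memory SQLite table, with the concatenated query from above beside the parameterized fix. It also covers a case the lesson does not mention: identifiers such as an ORDER BY column cannot be bound as parameters and must be checked against an allowlist instead. The table rows and helper names are constructed for this demo.

```python
import sqlite3

PAYLOAD = "tom' OR '1'='1"  # the crafted input from the lesson above


def make_db():
    # Constructed in-memory table so the example runs offline.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("tom", "user"), ("alice", "admin"), ("bob", "user")])
    return conn


def find_user_vulnerable(conn, user_input):
    # Same mistake as the lesson's snippet: the input is spliced into the SQL
    # text, so a quote in it ends the string literal and the rest runs as SQL.
    query = "SELECT name FROM users WHERE name = '" + user_input + "'"
    return [row[0] for row in conn.execute(query)]


def find_user_safe(conn, user_input):
    # Parameterized query: the SQL text is fixed and the value travels
    # separately, so quotes and keywords in the input are compared as data.
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (user_input,))
    return [row[0] for row in rows]


ALLOWED_SORT_COLUMNS = {"name", "role"}


def list_users_sorted(conn, sort_column):
    # Identifiers (table or column names) cannot be bound as parameters, so
    # the safe option is an allowlist of known values before building the SQL.
    if sort_column not in ALLOWED_SORT_COLUMNS:
        raise ValueError("unsupported sort column: %r" % sort_column)
    rows = conn.execute("SELECT name FROM users ORDER BY " + sort_column)
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, benign:", find_user_vulnerable(db, "tom"))     # ['tom']
    print("vulnerable, payload:", find_user_vulnerable(db, PAYLOAD))  # every row leaks
    print("safe, payload:", find_user_safe(db, PAYLOAD))              # []
```

Run it once to see the concatenated version return every row for the payload while the parameterized version returns nothing, because no user is literally named "tom' OR '1'='1".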
