Home SQL injection

SQL injection

(also Structured Query Language injection, SQLi)

SQL injection definition

SQL injection is a cyberattack that uses malicious SQL code to manipulate a database and access sensitive information.

SQL injection examples

In 2009, three hackers stole 130 million credit card numbers using a SQL injection attack. Targeted companies included 7-Eleven, Hannaford Brothers, and Heartland Payment Systems.

In 2012, a hacker group Team GhostShell stole and published personal data of students, faculty, employees, and alumni from 53 universities using an SQL injection. Targets included Harvard, Princeton, Stanford, Cornell, and Johns Hopkins.

Stopping a SQL injection attack

Segregate information across different databases
Program the site to use premade SQL templates with fixed values and a question mark where the keyword would typically appear
Build input validation into a website’s backend, with a white-list of accepted characters and words

Ultimate digital security

protected woman man sofa bubble devices xs

Malware protection
One account, six devices
Hide your IP

Get NordVPN