Your IP: Unknown · Your Status: ProtectedUnprotectedUnknown
Online security and privacyVPN for your company networkPassword managementBusinessBusiness password solutionsEncryption with cloud storage
home
SQL injection

SQL injection

(also Structured Query Language injection, SQLi)

SQL injection definition

SQL injection is a cyberattack that uses malicious SQL code to manipulate a database and access sensitive information.

SQL injection examples

In 2009, three hackers stole 130 million credit card numbers using a SQL injection attack. Targeted companies included 7-Eleven, Hannaford Brothers, and Heartland Payment Systems.

In 2012, a hacker group Team GhostShell stole and published personal data of students, faculty, employees, and alumni from 53 universities using an SQL injection. Targets included Harvard, Princeton, Stanford, Cornell, and Johns Hopkins.

Stopping a SQL injection attack

  • Segregate information across different databases
  • Program the site to use premade SQL templates with fixed values and a question mark where the keyword would typically appear
  • Build input validation into a website’s backend, with a white-list of accepted characters and words

Further reading

What is Structured Query Language (SQL) injection?

Ultimate digital security

We value your privacy

This website uses cookies to provide you with a safer and more personalized experience. By accepting, you agree to the use of cookies for ads and analytics, in line with our Cookie Policy.