How to Check an SQL Injection
SQL injection is an attack that exploits web applications which build database queries out of unsanitized user input. An attacker who finds such a flaw can read your data, modify or delete it and, in some configurations, run commands on the database server. You can perform a basic SQL injection check yourself by typing a short sequence of SQL syntax into your online forms and watching how the application responds.
Instructions
1. Open a Web browser and go to your blog or website. Navigate to any form you want to verify. The form must have at least one text box, because that is where the test input goes.
2. Type the following text into the first form text box:
' or 1=1; --
The text above looks malformed, but if the server pastes the field straight into a query, it completes and changes that query. The single quote closes the string literal the application opened around your input, "or 1=1" makes the WHERE condition true for every row, and "--" starts a comment that discards whatever the original query had after that point. A query that should have matched one record now matches all of them, which is how an attacker obtains your data. Note that MySQL only treats "--" as a comment when it is followed by a space, so on a MySQL-backed site add a trailing space after the dashes (or use "#" instead).
3. Click the "Submit" button on your form. If a database error appears, or the page returns a list of records that your input should not have matched, your form is subject to SQL injection. A normal-looking result does not prove the form is safe: the application may still be vulnerable in a way that produces no visible change, so treat this as a quick smoke test rather than a full audit.
Tips & Warnings
Do not rely on the "addslashes" function to secure your SQL code. It only escapes quote characters, so it does nothing for input that lands in a numeric part of a query (for example "WHERE id = " followed directly by user input), and it knows nothing about the database's character set or quoting rules. Instead, use parameterized queries (prepared statements), which send the query text and the user's values to the database separately so the input can never be interpreted as SQL. In PHP this means PDO or mysqli prepared statements with bound parameters.
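The following Python script is a worked example added to this page; it is not code from the original article. It reproduces the three-step check above against an in-memory SQLite database with a few constructed rows, runs the article's test string through a vulnerable lookup and a parameterized one, and shows why escaping quotes with an addslashes-style function is not enough when the input lands in a numeric context. The table layout, the sample rows, the function names and the "2 or 1=1" numeric payload are all assumptions made for the example.

```python
import sqlite3

# Constructed sample rows for the demonstration (not data from the article).
SAMPLE_USERS = [
    (1, "alice", "alice@example.com"),
    (2, "bob", "bob@example.com"),
    (3, "carol", "carol@example.com"),
]

# The exact test string the article tells you to type into the form.
PAYLOAD = "' or 1=1; --"


def make_db():
    """Create an in-memory SQLite database holding the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, username):
    """Concatenates user input into the query: the flaw the article's check looks for."""
    sql = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    """Sends the value separately from the SQL text, so it is never parsed as SQL."""
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def addslashes(text):
    """Python re-implementation of PHP's addslashes(), used only to show its limits."""
    return (text.replace("\\", "\\\\")
                .replace("'", "\\'")
                .replace('"', '\\"')
                .replace("\0", "\\0"))


def lookup_by_id_escaped(conn, user_id):
    """Escapes quotes, but the value lands in a numeric context with no quotes to break."""
    sql = "SELECT username, email FROM users WHERE id = " + addslashes(user_id)
    return conn.execute(sql).fetchall()


def run_check():
    """Run each lookup with a normal value and with an injection payload."""
    conn = make_db()
    return {
        # Normal input: one row, as the form designer intended.
        "vulnerable_normal": lookup_vulnerable(conn, "alice"),
        # The article's payload closes the string and makes WHERE always true:
        # every row comes back, which is the sign of a vulnerable form.
        "vulnerable_payload": lookup_vulnerable(conn, PAYLOAD),
        "parameterized_normal": lookup_parameterized(conn, "alice"),
        # Same payload, bound as a parameter: it is compared as a literal
        # username, matches nothing, and no error occurs.
        "parameterized_payload": lookup_parameterized(conn, PAYLOAD),
        "escaped_id_normal": lookup_by_id_escaped(conn, "2"),
        # No quote characters in the payload, so addslashes changes nothing
        # and the numeric WHERE clause is still hijacked.
        "escaped_id_payload": lookup_by_id_escaped(conn, "2 or 1=1"),
    }


if __name__ == "__main__":
    for name, rows in run_check().items():
        print(f"{name}: {len(rows)} row(s) -> {rows}")
```

Running the script prints one line per case: the vulnerable lookup and the addslashes-protected numeric lookup both return all three sample rows when fed their payloads, while the parameterized lookup returns an empty result for the same payload and a single row for a real username. When you test a live form, the corresponding signal is a record list (or a database error) appearing for input that should have matched nothing.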