Key Concepts

Review core concepts you need to learn to master this subject

SQL Injection

Types of SQL Injections

Mitigating SQL Injection Attacks: Input Sanitization

Union-Based Injections

Error-Based Injections

Boolean-Based Injections

Time-Based Injections

Out-of-Band SQL Injections

See more

SQL Injection

A SQL injection is a serious vulnerability affecting applications that use SQL as their database language. Through cleverly constructed text inputs that modify the backend SQL query, threat actors can force the application to output private data or respond in ways that provide intel. SQL injections attacks can ultimately be used to steal information and even take complete control of a system.

Preventing SQL Injection Attacks
Lesson 1 of 1
  1. 1
    SQL Injection Protection Strategies
    SQL injections are common vulnerabilities that affect applications using SQL as their database language. Hackers can use their knowledge of SQL to construct text inputs that can trick an applicatio…
    Start
  2. 2
    Input Sanitization & Validator.js
    Web forms present a security vulnerability on websites where hackers can potentially interact with a database. A seemingly harmless form or URL parameters can be a place for hackers to inject malic…
    Start
  3. 3
    Input Sanitization: Validating Forms
    One step of input sanitization is validating data input. Data validation is a process where a web-form checks if the information adheres to the expected format. Validator.js provides many methods t…
    Start
  4. 4
    Data Sanitization
    Another aspect of input sanitization is data sanitization. Data sanitization is the process of removing all dangerous characters from an input string before passing it to the SQL engine. For exampl…
    Start
  5. 5
    Prepared Statements: Placeholders
    Arguably, the best technique to protect against SQL injections is a method called prepared statements. Prepared statements are predefined SQL queries that take user input and place them into placeh…
    Start
  6. 6
    Prepared Statements: Named Placeholders
    Another way to implement prepared statements is to use named placeholders. Instead of using an array, we use an object to map the parameters to the query variables. Consider the following prepared…
    Start
  7. 7
    Review
    Great job! You now know some techniques to protect against SQL injections! SQL injection is a dangerous vulnerability and preventative measures should be implemented to make your database driven ap…
    Start

What you'll create

Portfolio projects that showcase your new skills

Pro Logo

How you'll master it

Stress-test your knowledge with quizzes that help commit syntax to memory

Pro Logo