Nima Owji

What is "SQL Injection" and how do we protect our database?

Hello, my name is Nima Owji. I am a 14-year-old full-stack developer and a C# programmer. Today I want to talk about SQL injection. What is it? Let's talk about it.

SQL injection is a technique attackers use to smuggle malicious SQL into the queries an application sends to its database.

In this method, the attacker types SQL fragments into the “username” and “password” fields. When the website builds the query that checks the “username” and “password” by pasting those values straight into the SQL text, the malicious fragment lands in the middle of the query instead of a plain value, and it can turn the query into anything the attacker wants, such as “DROP DATABASE” or other dangerous statements.

But how can we protect our database from such attacks? One of the easiest ways is to limit the “username” and “password” fields to a small number of characters.
Another simple way is to check for sensitive keywords with an “if statement” and refuse to run queries containing those words. One of the best ways is to use “sanitizers”.
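To make the problem concrete, here is an added example that is not part of the original post: a login check written two ways against a small constructed SQLite table. The first version pastes the form values into the SQL text, which is exactly the situation the post describes, so a username containing a quote and a comment marker rewrites the query and the password check is never evaluated. The second version uses a parameterized query (the approach Zargor recommends in the comments): the SQL text stays fixed and the driver hands the values to the database separately as data, so the same input is just a username that matches nothing. The table, the user row and the crafted input are all constructed for this demonstration.

```python
import sqlite3


def make_db():
    """Constructed in-memory database with a single sample user (not from the post)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    conn.commit()
    return conn


def login_concatenated(conn, username, password):
    """Vulnerable: form values are spliced into the SQL text, so they can change
    the structure of the query instead of acting only as data."""
    query = (
        "SELECT COUNT(*) FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone()[0] > 0


def login_parameterized(conn, username, password):
    """Safe: '?' placeholders keep the SQL text constant; the driver passes the
    values to SQLite separately, so quotes or comment markers in the input are
    compared literally against the column and cannot alter the query."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


def demo():
    """Run both login checks on a normal login and on a crafted username.

    The crafted username is constructed for this example: it closes the quoted
    string and starts an SQL comment, so in the concatenated version the rest of
    the query (the password check) is commented out."""
    conn = make_db()
    normal = ("alice", "s3cret")
    crafted = ("alice' --", "wrong-password")
    return {
        "concat_normal": login_concatenated(conn, *normal),
        "concat_crafted": login_concatenated(conn, *crafted),   # True: password check bypassed
        "param_normal": login_parameterized(conn, *normal),
        "param_crafted": login_parameterized(conn, *crafted),   # False: input treated as data
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The point to take away is that the fix does not depend on spotting bad characters or keywords in the input: with placeholders, the database never parses the user's text as SQL, so length limits and keyword checks become at most a secondary layer rather than the defence itself.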

I hope you enjoyed it. Thanks for your support.

Top comments (2)

Zargor

Parameterized Queries, nothing else.
The other proposed solutions are dangerous...

Nima Owji

Yes, that's a good way too.
