SQL injection


An exploit that takes advantage of database query software that does not thoroughly test the query statement for correctness. Along with cross-site scripting (see XSS), SQL injection is used to break into websites and extract data or embed malicious code. See buffer overflow.
Copyright © 1981-2019 by The Computer Language Company Inc. All Rights reserved. THIS DEFINITION IS FOR PERSONAL USE ONLY. All other reproduction is strictly prohibited without permission from the publisher.
References in periodicals archive
- SQL Injection (several techniques) - Inserting an injection of SQL query in input from client to application, while exploiting a security vulnerability in an application's software.
In order to prevent and detect SQL injection, [8] proposed a neural network approach which offers a new scheme for securing information so as to avoid difficulty in transmission over network.
Improper input validation may invite a range of attacks, like buffer overflow attacks, SQL injection attacks, cross-site scripting, and other code injection attacks [23].
It doesn't feel like a coincidence that the low-scan frequency languages PHP and JavaScript had a higher prevalence of major flaw categories like SQL injection, cross-site scripting, cryptographic errors, and credentials management flaws.
The rest of the paper is structured as follows: Section 2 describes the SQL injection, various attack scenarios, and the classification of SQL injection attacks.
SQL injection is well understood, defences exist and TalkTalk ought to have known it posed a risk to its data, the ICO investigation found.
These attacks often utilize SQL injection, a code injection technique, to attack data-driven applications by inserting nefarious SQL statements into the request entry fields for execution.
The seventeen selections that make up the main body of the text are devoted to prevention of SQL injection attacks in web browsers, developing security enabled applications for web commerce, securing financial transactions on the internet, and a wide variety of other related subjects.
- Exploits and Ongoing Security Events: SQL Injection, Heartbleed.
It also hopes to address security flaws like Cross-Site Scripting (XSS), SQL Injection, Misuse/Unauthorised use of MobiKwik's APIs, improper TLS protection, and leaking of sensitive customer data.
These issues include XSS Vulnerability, SQL Injection vulnerability, several XXE Injection Vulnerabilities ([1], [2]), and User Enumeration vulnerability.
He is also the author of multiple publications on securing against SQL injection attacks.