What is SQL Injection and how SQL queries work in a database 🤔

Mr Abdullah
2 min read · Jan 13, 2024


SQLi stands for Structured Query Language injection.

What is SQL (Structured Query Language)?

Structured query language (SQL) is a programming language for storing and processing information in a relational database. A relational database stores information in tabular form, with rows and columns representing different data attributes and the various relationships between the data values.

How SQL queries work in a database

A typical query structure that works with a database:

select * from users where username = '' and password = '';

In some cases the query uses (where Id=) instead. The developer is writing the code in SQL, and not everything in the database is looked up by username, so the developer writes 👇

where Id ='';

What is SQL injection?

SQL injection is a security vulnerability that consists of an attacker interfering with the SQL queries that an application makes to a database.

Look at the following pictures 👇👇👇👇👇👇👇

An attacker adds a single quotation mark and comments out the extra code.

In the picture, the attacker enters a username that exists in the database followed by a single quotation mark, which tells the database that the first value has ended. After that, the attacker comments out the extra code so that the password is ignored.

And here you see the attacker has full access to the database.

Now boom, the attacker has full access to the database.
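The login query described above, as an added example that is not code from the original post: a Python sqlite3 version of the string-built query next to a parameterized one, so the difference can be checked on the same inputs. The table contents, function names and the sample password are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database holding one constructed sample user."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    # Plaintext password only to mirror the query shown in the article;
    # a real application stores a salted password hash instead.
    db.execute("INSERT INTO users (username, password) VALUES ('admin', 's3cret-sample')")
    return db

def login_vulnerable(db, username, password):
    # User input is pasted into the SQL text. A quote inside `username`
    # closes the string literal, and `--` turns the password check into a comment.
    query = ("select * from users where username = '" + username +
             "' and password = '" + password + "';")
    return db.execute(query).fetchone() is not None

def login_parameterized(db, username, password):
    # Placeholders send the input as data, never as SQL text, so the quote
    # and `--` are only characters compared against the username column.
    query = "select * from users where username = ? and password = ?;"
    return db.execute(query, (username, password)).fetchone() is not None

def compare(db, username, password):
    """Return (vulnerable_result, parameterized_result) for one login attempt."""
    return (login_vulnerable(db, username, password),
            login_parameterized(db, username, password))

if __name__ == "__main__":
    db = make_db()
    attempts = [
        ("admin", "s3cret-sample"),  # correct credentials
        ("admin", "wrong"),          # wrong password
        ("admin'--", "anything"),    # the quote-and-comment input from the article
    ]
    for user, pw in attempts:
        print(repr(user), repr(pw), compare(db, user, pw))
```

The two functions agree on honest input and differ only on the quote-and-comment input, which is a useful regression test to keep next to any login code.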

If you have not understood, don't worry: watch my live stream with SairAli.

https://www.youtube.com/live/Y7RV53xGgbg?si=MBl8KZJVvBuOLIZU
