SQL injection 👨‍💻 Simplified, in order to protect against it.

Abel Sekibaala
2 min read, Jul 21, 2023

Sometimes, when we write SQL queries, we may unknowingly leave a security hole that allows someone to misuse our code. It’s like leaving a secret door unlocked: someone with bad intentions can sneak in and do things they’re not supposed to do.

This is called SQL injection, and it can be dangerous. See the example of vulnerable code on the left: if someone enters a specially crafted username or password with malicious intent, they can manipulate the query itself and gain unauthorized access to the system.

On the right we fix this vulnerability and keep our data safe by using a technique called parameterized queries, also known as prepared statements. It’s like putting a proper lock on the secret door to prevent unauthorized access.

In the fixed code, we use placeholders like ‘?’ in the query to represent the values we want to include. Then we pass the actual values separately, in a variable called ‘params’.

This way, even if someone tries to manipulate the input, the database treats those values purely as data and never as part of the query text itself.

By using parameterized queries, we ensure that our code is protected from SQL injection attacks, keeping our data safe and secure.
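The vulnerable and fixed versions side by side, as an added example written for this post (the original showed its snippets only as an image): it uses Python’s standard-library sqlite3 module with a constructed in-memory users table, and shows why string concatenation lets input change the query’s structure while the ‘?’ placeholders with params keep it as data.

```python
import sqlite3


def make_db():
    # Constructed sample database for the demonstration (not from the post).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "s3cret"), ("o'connor", "pa55")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # Vulnerable: the user's text is glued into the SQL string, so any quote
    # or SQL keyword in the input becomes part of the query the database parses.
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone()


def login_safe(conn, username, password):
    # Fixed: '?' placeholders mark where values go; the values travel in
    # params and are bound by the driver, never parsed as SQL.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    params = (username, password)
    return conn.execute(query, params).fetchone()


def demo():
    # A legitimate username containing a quote is enough to show the difference:
    # the safe version finds the user, the vulnerable one breaks the query's
    # structure (here a syntax error; input that happens to be valid SQL would
    # instead change what the query does).
    conn = make_db()
    results = {"safe": login_safe(conn, "o'connor", "pa55")}
    try:
        login_vulnerable(conn, "o'connor", "pa55")
        results["vulnerable"] = "query ran"
    except sqlite3.OperationalError as exc:
        results["vulnerable"] = "syntax error: " + str(exc)
    return results


if __name__ == "__main__":
    print(demo())
```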

If you know how it works, then you can protect against it.

#securecoding #sqlinjection #databasesecurity #sast #owasptop10