SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. This vulnerability is present when user input is manipulated for string literal escape characters embedded in SQL statements or user input is not sufficiently filtered and thereby unexpectedly executed.

How SQL Injection looks like?

Basic SQL Injections

If anybody want to pull up the records of particular user name from the user information table and if “username” variable is set as

By inputting the above code as user name , Let see how’s it work at back end?

If we use this type of code were in an authentication procedure then this example could be used to force the selection of a valid “username” because the evaluation of ‘y’='y’ is always true and you will be logged in as the user on top of the SQL table

Same way if the “username” variable is set as

If we use double dashes (–) than at the back end these dashes at the end tell the SQL server to ignore the rest of the query.

Same way more SQL Injection syntaxes are:

How can we get free from SQL Injection?

• Validate all input before using it.

We can validate the input by this way.

• • • Reject the input that contains the following characters:
      • Single Quote(‘)
      • Dash ( – )
      • /* and */
      • Semicolon ( ; )
      • Using stored procedures to validate user input.
• User parameterized input with stored procedures: Stored procedures may be susceptible to SQL injection if they use unfiltered input. So all the input provided to the stored Procedures is provided in the form of parameters
• · Filtering input: Replace a Single Quote (‘) with two Single Quotes (‘’) to filter the input.
• Limit the database permission: Use a limited access account to connect to the database
• Don’t store secrets in plain text: Encrypt or hash passwords and other sensitive data; you should also encrypt connection strings
• Exceptions should divulge minimal information: Don’t expose too much information in error messages; display minimal information in the event of error handling.

http://en.wikipedia.org/wiki/SQL_injection

http://www.secureworks.com/research/articles/sql-injection-attacks