SQL, or Structured Query Language, is the standard database language used to create, maintain and query relational databases. It is mainly used to retrieve structured data from relational database products such as Microsoft SQL Server, Oracle and MySQL. These databases are commonly used as the back end for web applications and content management systems.
A SQL injection is an attack in which untrusted input is interpreted as part of a database query. A successful injection gives an attacker a broad range of capabilities, such as modifying website content or capturing confidential data such as account credentials and other critical business details.
How can it be prevented?
The first step in preventing SQL injection is to find out where the vulnerability lies in your application, for example by testing it with automated SQL injection scanning tools. The vulnerability should then be fixed at its source.
A few SQL injection prevention methods are as follows:
- Validate user input, using built-in validation functions where available, and reject data that does not match the expected format
- Avoid dynamic SQL by using prepared statements, parameterized queries or stored procedures
- Apply patches and updates as early as possible
- Use a firewall (for example a web application firewall) to filter malicious requests
- Use well-maintained, better-quality software
- Grant the application's database account only the privileges it actually needs
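As an added illustration of the second and first points above (not code from the original article), the following Python snippet builds a constructed in-memory SQLite user table and compares a lookup built with dynamic SQL against the same lookup written as a parameterized query, with an allowlist input check as a second layer; the table, column names and sample rows are assumptions for the demonstration.

```python
import sqlite3

# Constructed sample data: an in-memory SQLite table standing in for the
# application's user store. Table and column names are assumptions.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn

def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    # Dynamic SQL: the input is spliced into the query text, so the
    # database cannot distinguish data from SQL syntax.
    query = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()

def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list:
    # Parameterized query: the SQL text is fixed and the input is bound
    # separately, so it is always treated as a value, never as syntax.
    query = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()

def is_valid_username(username: str) -> bool:
    # Defence in depth: allowlist validation of the input's shape, applied
    # before the query is ever built.
    return 1 <= len(username) <= 32 and username.isalnum()

def demo(username: str) -> dict:
    # Runs both lookups for one input and reports how many rows each returns.
    conn = make_db()
    return {
        "valid_input": is_valid_username(username),
        "vulnerable_rows": len(lookup_vulnerable(conn, username)),
        "parameterized_rows": len(lookup_parameterized(conn, username)),
    }

if __name__ == "__main__":
    print(demo("alice"))          # both lookups return the one matching row
    print(demo("' OR '1'='1"))    # dynamic SQL returns every row; parameterized returns none
```

The second call shows the difference that matters: the dynamic query leaks the whole table because the quote characters change the query's logic, while the parameterized version treats the same string as a literal username and the validation check rejects it outright.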