Back to list
Lv.2

SQL Injection

SQL Injection

A cyberattack technique that exploits vulnerabilities in a website to manipulate its database without authorization.

In Simple Terms

SQL Injection is an attack technique where malicious commands are entered into a website's input fields to manipulate the database running behind the scenes. Attackers mix special characters into input forms to steal personal information that should never be visible, or rewrite data without permission. Since so many websites rely on databases to function, failing to guard against this attack can lead to serious data breaches.

Behind the Name

SQL Injection combines "SQL," the language used to communicate with databases, and "injection," meaning the act of forcing something in, like a shot of medicine. The name captures the image of injecting harmful commands into a website, the same way a syringe injects medicine into a body.

Take a Closer Look!

SQL Injection is a cyberattack where malicious commands designed to manipulate a database are sent through a website's input forms, letting attackers control the database running behind the scenes.
It targets weaknesses in input fields like search boxes and login screens found on websites.

Put simply, it's a technique that feeds a site's program characters it never expected, tricking the system into misreading them.
For example, on a login screen, an attacker might mix in special symbols along with a command that always evaluates to "true."
This can fool the system into granting access even without knowing the correct password.

Falling victim to this attack puts personal information and credit card details stored in the database at risk of being stolen.
Beyond that, data can be deleted without permission, or the contents of the website itself can be rewritten.
To defend against this, developers building websites treat entered characters strictly as text rather than as commands, building in safeguards that prevent them from being executed.

CategorySecurityWeb