SQL Injection MEMExplained

Aman Garg
4 min read · Dec 20, 2021


Let's read how Wikipedia explains SQL injection.

SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker)…

Not so fun?
Do you like MEMES? Yes? Great! 🥳
Let's have a look at some witty SQL injection memes (and also learn a bit about SQL injection).

A nice way to prevent SQL injection… No, really! Bonus: You can skip reading this article if you do this 😂

Let's start with an easy one

No SQL query, I promise 😛


Well, SQL injection kinda works like that.

The purpose of an SQL query is to perform a legitimate operation on the database. But by sending malicious input to the query, users can force it to execute additional, unwanted operations.

Example: Saying the name "Wingardium Leviosa Potter" will trigger the spell "Wingardium Leviosa" automatically.

Ok, time to level up

Let's understand the same with some SQL, and then we will come back to memes 😉

If you're here just to look at some SQL memes, you can scroll straight down to the next section 😒

You have an e-commerce website which allows users to search for products by typing text in a search box. And let's say the SQL query handling that search is as simple as this:

Original SQL Query

A user is free to search for anything. And anything they search will get appended to your query as searchBoxInput.

If a user searches for something like:

Oreo" OR 1=1; --

Your query becomes:

Complete query with 1=1

A double hyphen comments out everything after it in SQL. So, the executed query is:

Executed query with 1=1

Since 1=1 is always true, the user is able to get all the data in the products table, and not only the data for Oreo.

This is a very simple example, but the user can type:

Oreo"; DROP TABLE products; --

which makes your query

Query with DROP TABLE

which can delete your products table.

Try searching for something like:

Oreo" UNION (SELECT TABLE_NAME, TABLE_SCHEMA, 1, 2 FROM information_schema.tables); --

I will leave this up to you to figure out what this does 🤓
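The search-box case above, as an added example that is not from the original article, showing the concatenated query next to a parameterized one. The query text, table contents and function names are constructed here, Python's sqlite3 stands in for the site's database, and the string literal is single-quoted, so the payload uses ' where the article's uses ".

```python
import sqlite3

# Constructed payload: the article's "OR 1=1" input, adapted to single quotes.
PAYLOAD = "Oreo' OR 1=1 --"


def make_db():
    # Constructed sample data standing in for the article's products table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, price REAL)")
    db.executemany(
        "INSERT INTO products VALUES (?, ?)",
        [("Oreo", 1.5), ("KitKat", 1.2), ("Lays", 0.9)],
    )
    return db


def search_concatenated(db, search_box_input):
    # Vulnerable: the input is pasted into the SQL text, so a quote in it
    # closes the string literal and whatever follows is parsed as SQL.
    query = (
        "SELECT name, price FROM products WHERE name = '"
        + search_box_input
        + "'"
    )
    return db.execute(query).fetchall()


def search_parameterized(db, search_box_input):
    # Hardened: the SQL text is fixed and the input is bound as a value,
    # so quotes and comment markers in it are just characters in a name.
    query = "SELECT name, price FROM products WHERE name = ?"
    return db.execute(query, (search_box_input,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("concatenated, normal :", search_concatenated(db, "Oreo"))
    print("concatenated, payload:", search_concatenated(db, PAYLOAD))
    print("parameterized, normal :", search_parameterized(db, "Oreo"))
    print("parameterized, payload:", search_parameterized(db, PAYLOAD))
```

With the bound parameter the payload is compared as a product name, matches nothing, and the query's structure never changes.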

Now, back to memes 🥳

Save yourself from getting traffic tickets. Use SQL Injection!!

INSERT INTO trafficTickets (vechileNumber, ticketId, ticketCount) VALUES ('ZU 0666', 0, 0);DROP DATABASE TABLE;

BOOM!! 😎

I would have dropped the table storing the count of my wishes 😛

This is why you should NOT take an injection from a software engineer… 🤭

Software engineers hacking their way to heaven 😂

Software engineer moms be like 😛

Can't close without this one

Roses are red');
DROP TABLE rhymes;
Learn to sanitise,
Your inputs next time.

How to prevent SQL injection?

Wait, didn't I already tell you this!! 😅

Thanks for reading

Follow for more stories.
They will either be fun, or useful, or neither. But follow me anyway 🤪

LinkedIn: https://www.linkedin.com/in/heizaman/
Instagram: https://www.instagram.com/heizaman/
Twitter: https://twitter.com/HeIzAman
Medium: https://heizaman.medium.com/
