SQL Injection MEMExplained
Letās read what is SQL injection as explained by Wikipedia.
SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker)ā¦ā¦
Not so fun?
Do you like MEMES? Yes? Great! š„³
Letās have a look at some witty SQL injection memes (and also learn a bit about SQL injection).
Letās start with an easy one
No SQL query, I promise š
Well, SQL injection kinda works like that.
The motive of an SQL query is to perform a legitimate operation on database. But by sending malicious input to the query, users can force it to execute some additional unwanted operations.
Example: Saying the name āWingardium Leviosa Potterā will trigger the spell āWingardium Leviosaā automatically.
Ok, time to level up
Letās understand the same with some SQL, and then we will come back to memes š
If youāre here just for looking at some SQL memes, you can directly scroll down to the next section š
You have an E-Commerce website which allows users to search for products by typing text in a search box. And letās say your SQL query handling the same is as simple as this:
A user is free to search for anything. And anything they search will get appended to your query as searchBoxInput.
If a user searches for something like:
Oreo" OR 1=1; --Your query becomes:
Double hyphen comments out anything after itself in SQL. So, the executed query is:
Since 1=1 is always true, the user is able to get all the data in the products table, and not only the data for Oreo.
This is a very simple example, but the user can type:
Oreo"; DROP TABLE products; --which makes your query
which can delete your products table.
Try searching for something like:
Oreo" UNION (SELECT TABLE_NAME, TABLE_SCHEMA, 1, 2 FROM information_schema.tables); --I will leave this up to you to figure out what this does š¤
Now, back to memes š„³
Save yourself from getting traffic tickets. Use SQL Injection!!
INSERT INTO trafficTickets (vechileNumber, ticketId, ticketCount) VALUES ('ZU 0666', 0, 0);DROP DATABASE TABLE;
BOOM!! š
I would have dropped the table storing the count of my wishes š
This is why you should NOT take an injection from a software engineerā¦ š¤
Software engineers hacking their way to heaven š
Software engineer moms be like š
Canāt close without this one
Roses are redā);
DROP TABLE rhymes;
Learn to sanitise,
Your inputs next time.
How to prevent SQL injection?
Wait, didnāt I already tell you this!! š
Thanks for reading
Follow for more stories.
They will either be fun, or useful, or neither. But follow me anyway š¤Ŗ
LinkedIn: https://www.linkedin.com/in/heizaman/
Instagram: https://www.instagram.com/heizaman/
Twitter: https://twitter.com/HeIzAman
Medium: https://heizaman.medium.com/
