SQL injection is an attack where malicious SQL code is entered into a website's input fields (like login boxes or search forms). If the website does not properly validate input, the code can be executed by the database.
Key points
Definition: SQL Injection: an attack where specially crafted SQL code is entered into a website's input fields. If input is not validated, the malicious code runs on the database.
Can allow attackers to: view private data, modify or delete records, bypass authentication, or take control of the database.
Exploits websites that do NOT properly check/validate/sanitise user input.
Exam Tip: SQL injection targets the DATABASE through INPUT FIELDS. The defence is INPUT VALIDATION/SANITISATION — checking that input does not contain SQL commands.
Common Mistake: Saying SQL injection 'hacks the server'. It specifically targets the DATABASE by injecting code through input fields.
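
Added example (not part of the original notes): the same login check written without and with the defence described above, run against an in-memory SQLite database. The table, the account and the crafted input are constructed for illustration, and the bound parameters (`?`) go one step beyond the input validation the notes name.

```python
import re
import sqlite3

def make_db():
    # Constructed sample database: one made-up account
    # (plaintext password only to keep the sample short).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return db

def login_unvalidated(db, username, password):
    # Vulnerable: input is pasted straight into the SQL text, so a quote
    # character in the input can change the meaning of the query.
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone()[0] > 0

# Allow-list for usernames: letters, digits and underscore, 1 to 32 characters.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")

def login_validated(db, username, password):
    # Input validation: reject any username outside the allow-list.
    if not USERNAME_RE.fullmatch(username):
        return False
    # Bound parameters: the database treats both values as data, never as SQL.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone()[0] > 0

def demo():
    db = make_db()
    crafted = "' OR '1'='1"  # constructed test input containing SQL syntax
    return {
        "unvalidated, correct password": login_unvalidated(db, "alice", "s3cret"),
        "unvalidated, crafted input": login_unvalidated(db, "alice", crafted),
        "validated, correct password": login_validated(db, "alice", "s3cret"),
        "validated, crafted input": login_validated(db, "alice", crafted),
        "validated, crafted username": login_validated(db, crafted, "x"),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'logged in' if ok else 'rejected'}")
```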