SQL injection – theory in perspective
Summarizing all the theory we examined in the first part of this book may seem quite difficult. Here, we will provide an overview of the topics we have covered, in the same order in which we encountered them.
SQL injection in general
Let's first recap what SQL injection is and why it exists. SQL injection is caused inherently by SQL, which is a language responsible for interacting with relational database models. SQL is a very powerful language that's capable of performing a wide array of actions, including creating (CREATE) and inserting (INSERT) information within a database, deleting (DROP for tables and databases, DELETE for single entries), modifying (ALTER) or, much more commonly in an application setting, just selecting and querying (SELECT) its content with many different options. SQL injection allows malicious users to inject, within an existing operation, operations into the database that were not originally envisioned...