butterfly/kb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
a077493dc0
kb/data/developer.mozilla.org/en-US/docs/Glossary/SQL_Injection-0.md

12 KiB
Raw Blame History

title chunk source category tags date_saved instance
SQL injection - Glossary | MDN 1/3 https://developer.mozilla.org/en-US/docs/Glossary/SQL_Injection reference web, html, css, javascript, documentation 2026-05-05T05:44:01.773632+00:00 kb-cron

MDN HTML HTML: Markup language

HTML reference

HTML guides

Markup languages

CSS CSS: Styling language

CSS reference

CSS guides

Layout cookbook

JavaScriptJS JavaScript: Scripting language

JS reference

JS guides

Web APIs Web APIs: Programming interfaces

Web API reference

Web API guides

All All web technology

Technologies

Topics

Learn Learn web development

Frontend developer course

Learn HTML

Learn CSS

Learn JavaScript

Tools Discover our tools

About Get to know MDN better

Blog

  1. Glossary
  2. SQL injection

SQL injection

SQL injection takes advantage of Web apps that fail to validate user input. Hackers can maliciously pass SQL commands through the Web app for execution by a backend database. SQL injection can gain unauthorized access to a database or to retrieve information directly from the database. Many data breaches are due to SQL injection. Pie chart of most common vulnerabilities: SQL Injection is responsible for 50% of vulnerabilities, Cross Site Scripting is responsible for 42% of vulnerabilities, Source Code Disclosure is responsible for 7% of vulnerabilities. Original source

In this article

How It Works

Screenshot of the login form with username and password fields After entering username and password, behind the GUI the SQL queries work as follows: Now suppose User enters the Username: admin and Password: passwd123, so after clicking on the Log in button, SQL query will run as follows: If the credentials are correct, then the user is allowed to log in, so it's a very simple (and therefore insecure) mechanism. Hackers use this insecurity to gain unauthorized access. Hackers use a simple string called a Magical String, for example: Username:admin Password:anything 'or'1'='1 After clicking on the login button, the SQL query will work as follows: Just take a closer look at the above query's password section.

Password=' anything 'or'1'='1 '

The password is not 'anything', hence password=anything results in FALSE, but '1'='1' is a TRUE statement and hence returns a TRUE value. Finally, due to the OR operator, the value (FALSE OR TRUE) is TRUE, so authentication bypasses successfully. Just due to a simple string (Magical String) the entire database is compromised.

How To Prevent

Before executing the queries for the user credentials, make some changes like the following: So due to (1) each single quote (') in the input string is replaced with double quotes ("), and due to (2) before every (') it adds (/). The revised magical string fails to bypass the authentication, and your database stays secure.

See also