Tuesday, May 7, 2013

What is SQL injection? - Infographic

A lot of SQL queries function behind our everyday use, be it on Facebook, Twitter, Gmail or university result. The information that we enter in the web pages or web apps are taken and put into SQL queries to fetch our resutls. The simplest that anyone understands is their username and password for a specific online service. Okay, good. But what if someone passes some tricky input to those fields in order to mess up the system or just by mistake. If there is strong validation in presentation layer (in the user front-end itself), then user will be notified about the wrong/undesirable input, and what if there's no stringent validation?