SQL Injection Attacks by Example…
Great article here on SQL injection attacks.
SQL injection is an attack technique in which SQL commands are embedded in form submission values, with the intent of extracting information from, or damaging, the backend database that houses the site's data. It is now common practice for sites to store their data in a database and generate pages dynamically from it on request, rather than saving them as static HTML files.
One of my programming practices is to replace all text coming into the site that is a valid SQL command, e.g. select becomes s*elect, delete becomes d*elete, etc. (I should remember to decode them back to their original form when presenting them for viewing *snicker*). There are of course other less obtrusive methods that are employed, but that last bit is just my obsessive-compulsive behaviour kicking in…
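As an added example (not from the linked article or the author's own code), here is the mechanism behind the definition above: a login check that splices form values straight into the SQL string beside the same check written with bound parameters. The `users` table and its two rows are constructed sample data; sqlite3 stands in for the site's backend DB.

```python
import sqlite3

# Constructed sample data: a tiny in-memory users table standing in for the site's DB.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "s3cret", "admin"),
        ("bob", "hunter2", "user"),
    ])
    return conn

def login_vulnerable(conn, username, password):
    """Builds the query by string concatenation, so the form values become part
    of the SQL text itself. A stray quote in either value changes the query's
    structure; note that the classic payload used in the test below contains no
    keyword such as SELECT or DELETE, only a quote and an OR."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    rows = conn.execute(sql).fetchall()
    return sorted(r[0] for r in rows)

def login_parameterized(conn, username, password):
    """Passes the form values as bound parameters. The database driver keeps them
    as data, so they can never alter the query's WHERE clause."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    rows = conn.execute(sql, (username, password)).fetchall()
    return sorted(r[0] for r in rows)

def demo():
    """Runs one honest login and one injected login through both versions."""
    conn = make_db()
    injected = "' OR '1'='1"
    return {
        "vulnerable_honest": login_vulnerable(conn, "alice", "s3cret"),
        "vulnerable_injected": login_vulnerable(conn, "alice", injected),
        "parameterized_honest": login_parameterized(conn, "alice", "s3cret"),
        "parameterized_injected": login_parameterized(conn, "alice", injected),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The concatenated version returns every user for the injected password because the WHERE clause has become `... AND password = '' OR '1'='1'`; the parameterized version returns nothing.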
However, no matter how much defense you put into a site so that you won’t get hacked, I’d have to say the first layer that one should always employ is to not piss people off enough for them to want to hack your site *snicker*…
From reddit