{"id":13226,"date":"2014-07-23T21:49:14","date_gmt":"2014-07-23T21:49:14","guid":{"rendered":"https:\/\/www.techopedia.com\/definition\/sql-injection-attack\/"},"modified":"2014-07-23T21:49:14","modified_gmt":"2014-07-23T21:49:14","slug":"sql-injection-attack","status":"publish","type":"definition","link":"https:\/\/www.techopedia.com\/definition\/29781\/sql-injection-attack","title":{"rendered":"SQL Injection Attack"},"content":{"rendered":"

<h2>What Does SQL Injection Attack Mean?<\/h2>\n

<p>An SQL injection attack is an attempt to issue SQL commands to a database through a website interface. The aim is to obtain stored database information, including usernames and passwords.<\/p>\n

<p>This code injection technique exploits security vulnerabilities in an application's database layer. Hackers exploit poorly coded websites and web apps to inject SQL commands, for example by taking advantage of a login form to gain access to the data stored in the database.<\/p>\n

<p>In simple terms, SQL injection attacks occur because user-input fields allow SQL statements to pass through and query the database directly.<\/p>\n

<h2>Techopedia Explains SQL Injection Attack<\/h2>\n

<p>Modern websites include login pages, search pages, support and product request forms, shopping carts, feedback forms and so on.<\/p>\n

<p>These website features are all vulnerable to SQL injection attacks because they provide user-input fields. An attacker can easily execute arbitrary SQL statements if these websites are prone to SQL injection. This may compromise the database’s integrity and can expose sensitive data.<\/p>\n

<p>Depending on the back-end database used, SQL injection vulnerabilities can result in varying levels of injection attacks. Attackers may manipulate existing queries, use subselects, or append additional queries. In some instances, it may even be possible to read from or write to files. Attackers may also execute shell commands on the underlying operating system (OS).<\/p>\n

<p>Some database servers, such as Microsoft SQL Server, incorporate stored and extended procedures. If an SQL injection attacker obtains access to these procedures, it can lead to highly undesirable outcomes. Improperly coded websites and web apps are always prone to this kind of attack.<\/p>\n

<p>The ideal way to avoid injection attacks is to detect the vulnerabilities of websites and web apps before they go live. Automated SQL injection scanners help penetration testers check websites and web apps for potential SQL injection vulnerabilities.<\/p>\n

<p>This helps the web admin fix the vulnerable code immediately and protect the websites from any potential SQL injection attacks.<\/p>\n","protected":false},"excerpt":{"rendered":"

","protected":false},"author":7813,"yoast_head_json":{"title":"What is an SQL Injection Attack? - Definition from Techopedia","schema":{"@graph":[{"@type":"Article","author":{"name":"Margaret Rouse"},"datePublished":"2014-07-23T21:49:14+00:00"}]}}}