What is SQL injection and types?

Question

Accepted Answer

SQL injection is a code injection technique that attackers use to exploit vulnerabilities in a web application's database layer.

SQL injection occurs when an attacker inserts malicious SQL code into a query, allowing them to manipulate the database.
Types of SQL injection include: 1) Classic SQL injection, 2) Blind SQL injection, 3) Time-based blind SQL injection, 4) Union-based SQL injection, 5) Error-based SQL injection, 6) Boolean-based blind SQL injection.
Example: An attacker may input ' OR '1'='1' --' into a login form to bypass authentication and gain unauthorized access to the application.
Preventing SQL injection involves using parameterized queries or prepared statements, input validation, and proper user access controls.

Accepted Answer

SQL is a web security vulnerability that allows an attacker to interfere with the the queries that an application makes to its database.

Top Rainfotech Security Analyst interview questions & answers