What is an SQL Injection Vulnerability?

An SQL Injection attack is a code injection attack in which input from an attacker reaches one of your databases without any filtering or validation. As a result of such an attack, a malicious user may be able to:

  • Execute any read / write / update / delete query on your database.
  • Execute system level commands and retrieve the output.
  • Read / write files into any accessible location on the server.

How do I fix an SQL Injection?

The following posts provide specific details for fixing SQL injection vulnerabilities in various programming languages and through a variety of methods.

PHP

ASP

.NET

Java