SQL Injection Attacks

by Abel R
SQL injection is a technique for attacking a database through a website. In a SQL injection attack, an attacker attempts to insert, or succeeds in inserting, their own code into a pre-existing query (e.g. a product search). The aim is to get the application to perform an unexpected action, usually one that benefits the attacker (Morgan 2006).

I liked this article because it relates to our class by teaching us the concepts of SQL injections and gives us tips on how to prevent such attacks. As we develop our databases we must keep in mind and consider how secure the database is. By doing so, we mitigate compromising the information of the user and at the same time protect the reputation of the company.
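The product-search case described above, as an added example that is not part of the original post or the cited article: the same search written once by pasting user input into the query text and once with a bound parameter. The table, sample rows and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory catalogue (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, price REAL, listed INTEGER)")
    db.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [("red mug", 8.0, 1), ("blue mug", 9.0, 1), ("staff-only sample", 0.0, 0)],
    )
    return db


def search_vulnerable(db, term):
    # The search term is concatenated into the SQL text, so a quote
    # character in `term` ends the string literal and the rest of the
    # input is parsed as part of the query.
    sql = ("SELECT name FROM products WHERE listed = 1 "
           "AND name LIKE '%" + term + "%'")
    return [row[0] for row in db.execute(sql)]


def search_parameterized(db, term):
    # The query text is fixed. `term` is bound as a value, so the
    # database never parses it as SQL, whatever characters it contains.
    sql = "SELECT name FROM products WHERE listed = 1 AND name LIKE ?"
    return [row[0] for row in db.execute(sql, ("%" + term + "%",))]


# Constructed input that changes the meaning of the concatenated query:
# it closes the literal, adds an always-true condition and comments out
# the remainder of the original statement.
INJECTED = "' OR 1=1 --"

if __name__ == "__main__":
    db = make_db()
    print("normal search   :", search_vulnerable(db, "mug"))
    print("concatenated    :", search_vulnerable(db, INJECTED))
    print("parameterized   :", search_parameterized(db, INJECTED))
```

With the concatenated query the `listed = 1` filter no longer restricts the result, while the parameterized query treats the same input as an ordinary search string that matches nothing.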


  1. I liked your post because it was informative. I had no idea what SQL injection was and now I do. I like reading interesting stuff about hacking also.

  2. I had heard of SQL injection before as well, but now I know what it actually is and how attacks try to exploit it. Many companies like “White Hat” get hired by a company to perform security checks on their database and one of the ways they do that is with SQL injections.

  3. Interesting article. I feel that it is important to know about possible security threats to any database that we develop in the future. I did not know that it was possible to disrupt a database through a website.

  4. Since we started using SQL in class, I feel that this is important for us to know about. Knowing the concept of SQL injections, and knowing how to prevent it from happening would be helpful. Since database information, which could be credit card information, passwords, etc. could be stolen by the attacker, SQL users should be aware of this potential problem.

