SQL Injection
SQL Injection Attack
Inserting malicious SQL code into application queries to access, modify, or delete database data.
Technical Details
SQL Injection occurs when user input is concatenated directly into the text of an SQL query, so the database parses the input as query logic rather than as a value. Example: a login query built as `SELECT * FROM users WHERE username = '<user>' AND password = '<pass>'` becomes, when the username field contains `' OR 1=1 --`, `SELECT * FROM users WHERE username = '' OR 1=1 --' AND password = '...'`; the injected quote closes the string early, `OR 1=1` makes the predicate true for every row, and `--` comments out the password check, so the attacker is logged in without knowing any password. The primary defense is parameterized queries (prepared statements), where the SQL text is fixed and the database driver binds the values separately, so input can never change the structure of the query. ORM frameworks (Django ORM, SQLAlchemy, Prisma) generate parameterized queries automatically, but their raw-SQL escape hatches (Django `raw()` and `extra()`, SQLAlchemy `text()`, Prisma `$queryRawUnsafe`) reintroduce the problem whenever input is interpolated into the query string instead of passed as a bound parameter. Defense in depth: least-privilege database accounts (so a successful injection cannot read or modify more than the application itself needs), input validation, and WAF (Web Application Firewall) rules, which block common payloads but are routinely bypassed and must not be the only control.
Example
```javascript
// Web Crypto API: SHA-256 digest of a string, returned as lowercase hex.
// This snippet hashes data; it is not an SQL Injection payload or defense.
// Wrapped in an async function because `await` is only valid inside one
// (or at the top level of an ES module).
async function sha256Hex(text) {
  const data = new TextEncoder().encode(text);
  const hash = await crypto.subtle.digest('SHA-256', data);
  return Array.from(new Uint8Array(hash))
    .map(b => b.toString(16).padStart(2, '0')).join('');
}
```
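The login bypass described in the technical paragraph above, run against a real (in-memory SQLite) database, as an added example that is not part of the original page: the concatenated query is executed side by side with its parameterized equivalent so the difference is observable rather than asserted. The `users` table, the `alice` row and the `PAYLOAD` string are constructed sample data; the plaintext password column exists only to keep the query readable and is not a recommendation.

```python
import sqlite3

# Classic login-bypass input (constructed sample payload).
PAYLOAD = "' OR 1=1 --"


def make_db():
    """Constructed in-memory sample database (not from the page): one user row.

    The plaintext password column is only for illustrating the query text;
    real applications store password hashes, never the password itself.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.execute(
        "INSERT INTO users (username, password) VALUES ('alice', 'correct horse')"
    )
    return conn


def vulnerable_query(username, password):
    """Build the query the way vulnerable code does: by string concatenation.

    Returned as text so the resulting SQL can be inspected; with PAYLOAD as
    the username the quote closes the string early, OR 1=1 matches every row
    and -- comments out the password check.
    """
    return (
        "SELECT id FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )


def login_vulnerable(conn, username, password):
    # The database parses the attacker's quote, OR and comment as SQL logic.
    return conn.execute(vulnerable_query(username, password)).fetchone() is not None


def login_safe(conn, username, password):
    # Parameterized query: the SQL text is fixed, the driver binds the values
    # separately, so the input is only ever compared as a string.
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    print("concatenated SQL :", vulnerable_query(PAYLOAD, "wrong"))
    print("vulnerable login :", login_vulnerable(db, PAYLOAD, "wrong"))   # True
    print("parameterized    :", login_safe(db, PAYLOAD, "wrong"))         # False
```

The same `?`-placeholder shape is what Django, SQLAlchemy and Prisma emit for ordinary ORM calls; the bypass only returns when code falls back to building the query string by hand.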