What is SQL Injection?

Hello everyone,

Open your own website (or any site you are authorized to test) and go to the Login page.

  • Enter any value as the username.
  • For the password, enter the following text exactly, including the quotes:
' or '1'='1

If the website lets you log in without a valid username and password, the login code is building its SQL query directly from the text you typed, and that is a serious problem.

This problem is called SQL Injection.

What is SQL Injection? (Beginner Explanation)
  • Websites use a database to store usernames and passwords.
  • The login page sends the user's input (username and password) to the database as part of an SQL query.
  • If the input is not properly handled, an attacker can enter characters that SQL treats as syntax, such as the single quote (').
  • These characters change the meaning of the query: the text ' or '1'='1 closes the password string early and adds a condition that is always true.
  • As a result, the query matches a row even though the password was never checked, and the application treats the attacker as logged in.

In simple words:
SQL Injection happens when user input is trusted blindly and pasted directly into the text of a database query, so the input can be read as SQL instead of as data.

Why is SQL Injection Dangerous?
  • Anyone can log in without knowing a password
  • Sensitive data can be exposed
  • Data can be modified or deleted
The login page is only one example: the same mistake in any other query gives an attacker the same control over that query.

Important Note for Students

This example is shared only for learning and testing your own code.
You should use this knowledge to fix security issues, not to misuse websites.

A secure login page must:

  • Validate user input (for example, length and allowed characters) as a defense in depth
  • Use prepared statements or parameterized queries, so that user input is always treated as data and never as part of the SQL text

Validation alone is not enough: a quote is a legitimate character in many inputs, and only parameterized queries guarantee that the input cannot change the meaning of the query.
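The following is an added example, not code from the original post, that shows both halves of this article in one place: the vulnerable login from the demonstration at the top (the ' or '1'='1 password) and the parameterized fix from the list above. It uses Python's built-in sqlite3 module with a constructed in-memory database holding one account; the table name, column names, and the user "alice" are assumptions made for the example. The password is stored in plaintext only to mirror the article's description; a real application stores a salted password hash.

```python
import sqlite3


def make_db():
    """Constructed sample data: an in-memory database with one user account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Plaintext password is an assumption for the demo, not a recommendation.
    conn.execute("INSERT INTO users VALUES ('alice', 'S3cret!')")
    conn.commit()
    return conn


def build_vulnerable_query(username, password):
    """Builds the query by string concatenation: user text becomes SQL syntax."""
    return (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )


def login_vulnerable(conn, username, password):
    """The broken login: runs whatever SQL the user's input produced."""
    row = conn.execute(build_vulnerable_query(username, password)).fetchone()
    return row is not None


def login_secure(conn, username, password):
    """The fixed login: values travel separately from the SQL text.

    The '?' placeholders are filled by the driver, so a quote in the input is
    just a character inside a string value and can never end the string or
    add a new condition.
    """
    # Defense in depth: reject obviously bad input before touching the database.
    if not username or len(username) > 64 or len(password) > 256:
        return False
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    injected = "' or '1'='1"
    conn = make_db()
    # Shows the query the attacker actually caused to run:
    # ... WHERE username = 'anything' AND password = '' or '1'='1'
    # AND binds tighter than OR, so the OR '1'='1' makes every row match.
    print(build_vulnerable_query("anything", injected))
    print("vulnerable login with injected password:",
          login_vulnerable(conn, "anything", injected))
    print("secure login with injected password:",
          login_secure(conn, "anything", injected))
    print("secure login with real credentials:",
          login_secure(conn, "alice", "S3cret!"))
```

Run it and compare the three results: the vulnerable function accepts the injected password because the query it built ends in or '1'='1', which is true for every row; the secure function rejects it because the same text was sent as a value, not as SQL. The length check is only a sanity filter; the placeholders are what actually close the hole.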