SQL Injection
A SQL injection is a vulnerability where external data are used to change the behavior of a SQL query.
In the example below, values from $_GET are used directly inside the query. With a crafted value (shown in the comment), the whole WHERE condition is bypassed, giving access to any user.
Among the solutions to mitigate this problem: filter the incoming data adequately; use prepared statements.
<?php
// $_GET['name'] = '" OR 1 = 1 OR "';
// Untrusted input is concatenated straight into the SQL text: the quotes in
// $_GET['name'] close the name literal and the rest becomes part of the query.
$SQL_query = "SELECT * FROM users WHERE name=\"".$_GET['name']."\" AND password=\"".$_GET['pass']."\"";
$connexion->query($SQL_query);
?>
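As an added example (not code from the original page), the query above is placed beside the two mitigations the text names: an allowlist check on the input and a prepared statement with bound parameters. It runs stand-alone against an in-memory SQLite database; the table, its rows and the function names (isValidName, loginConcat, loginPrepared) are constructed here, and the SQL uses single-quoted string literals in place of the page's double quotes so that SQLite parses them as strings rather than identifiers. The injected value from the page's comment is adapted to single quotes accordingly.

```php
<?php
// Added example: constructed in-memory database, not part of the original page.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (name TEXT, password TEXT)");
$pdo->exec("INSERT INTO users VALUES ('alice', 'correct-horse')");

// Mitigation 1: filter the incoming data. Only accept what a user name may
// legitimately contain; anything else is rejected before reaching SQL.
function isValidName(string $name): bool
{
    return preg_match('/^[A-Za-z0-9_]{1,32}$/', $name) === 1;
}

// Vulnerable form: the same concatenation as the snippet above (single-quoted
// literals so SQLite treats them as strings). The input becomes SQL text.
function loginConcat(PDO $pdo, string $name, string $pass): int
{
    $sql = "SELECT * FROM users WHERE name='" . $name . "' AND password='" . $pass . "'";
    return count($pdo->query($sql)->fetchAll());
}

// Mitigation 2: a prepared statement. The SQL text is fixed at prepare time and
// the values travel separately as parameters, so they can never alter the query.
function loginPrepared(PDO $pdo, string $name, string $pass): int
{
    $stmt = $pdo->prepare("SELECT * FROM users WHERE name = :name AND password = :pass");
    $stmt->execute([':name' => $name, ':pass' => $pass]);
    return count($stmt->fetchAll());
}

// The page's crafted value, adapted to single quotes.
$payload = "' OR 1 = 1 OR '";

printf("filter accepts payload:      %s\n", isValidName($payload) ? 'yes' : 'no'); // no
printf("concat with payload:         %d row(s)\n", loginConcat($pdo, $payload, 'wrong'));   // 1 (bypassed)
printf("prepared with payload:       %d row(s)\n", loginPrepared($pdo, $payload, 'wrong')); // 0 (rejected)
printf("prepared with valid login:   %d row(s)\n", loginPrepared($pdo, 'alice', 'correct-horse')); // 1
```

The concatenated query returns a row even though the password is wrong, because the injected value turns the condition into `... OR 1 = 1 OR ...`. The prepared statement compares the whole injected string against the name column and finds nothing, and the allowlist rejects it before any query is built. Filtering alone is fragile (the rule must be right for every field), so prepared statements are the primary defence and filtering is a complement.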
See also: SQL Injection in PHP Web Applications, What is SQL injection and how to prevent it?
Related: Semicolon, Prepared Query, Injection