Skip to main content

SQL Injection kese kaam krta he🤔




 SQL Injection ek technique hai jo attacker ko ek database mein unauthorized access ya manipulation karne ka moka deti hai. Yeh tab hota hai jab koi application user ke input ko SQL query mein directly use karti hai bina us input ko sanitize kiye. Aise mein, agar attacker apne input mein malicious SQL code inject kar de, toh woh database ke data ko access, modify, delete ya manipulate kar sakta hai.

Kaise Kaam Karta Hai

  1. Vulnerable Input Field: Jab kisi website mein koi input field ho (jaise username ya password), aur woh input directly SQL query mein bina sanitize kiye use ho, toh woh vulnerable hoti hai.

  2. SQL Query Manipulation: Attacker usually input ke sath SQL syntax add karta hai, jo existing query ko manipulate karti hai. Example:

    sql

    SELECT * FROM users WHERE username = 'user' AND password = 'password';

    Agar attacker username field mein user' OR '1'='1 daal de, toh query kuch aise ban jayegi:

    sql

    SELECT * FROM users WHERE username = 'user' OR '1'='1' AND password = 'password';

    Yeh query "OR '1'='1'" ki wajah se hamesha true return karti hai, jo database ko unauthorized access dene ka moka deti hai.

  3. Database Commands: Advanced level par, attacker UNION, DROP TABLE, ya -- jaise commands bhi use kar sakta hai jo database ko manipulate ya damage kar sakti hain.

SQL Injection Se Bachav Kaise Kare

  1. Parameterized Queries (Prepared Statements): Yeh queries input ko as a data treat karti hain, code ke taur par nahi. Jaise:


    cursor.execute("SELECT * FROM users WHERE username = ? AND password = ?", (username, password))

  2. Input Sanitization: Har user input ko sanitize kare, special characters ko escape karein aur input validate karein.

  3. Error Messages ko Limit Karna: SQL errors ko generic banayein taake attacker ko zyada details na mil sakein.

  4. Database Permissions ko Limit Karna: Database user permissions ko restrict karein taake agar SQL injection ho bhi jaaye, toh damage minimum ho.

SQL Injection ko effectively roknay ke liye yeh best practices follow karna zaroori hai.

Comments

Post a Comment

Popular posts from this blog

Best Phones Under 20,000 INR

Best Phones Under 20,000 INR Best Phones Under 20,000 INR Finding a quality smartphone within a budget of 20,000 INR can be challenging, but several excellent options are available in this price range. Whether you’re looking for great performance, a solid camera, or long battery life, this list has you covered. Here are some of the best smartphones you can buy under 20,000 INR. 1. Xiaomi Redmi Note 12 Price: ₹16,499 The Xiaomi Redmi Note 12 offers a stunning display, impressive camera capabilities, and a powerful Snapdragon processor. With a large 5,000mAh battery, you can enjoy all-day usage without worrying about recharging. 2. Realme 10 Price: ₹17,999 The Realme 10 features a sleek design and a MediaTek Helio G99 processor that ensures smooth performance for gaming and multitasking. The 50MP dual-camera setup captures vibrant photos, making it a great choice for photography enthusiasts. 3. Samsung Gala...
Post a Comment
Read more
5G vs. Wi-Fi 6: Which is Better for You? 5G vs. Wi-Fi 6: Which is Better for You? As technology evolves, the debate between 5G and Wi-Fi 6 becomes increasingly relevant. Both technologies promise faster internet speeds and improved connectivity, but they serve different purposes and use cases. In this article, we'll explore the unique features of each technology and help you determine which is better suited for your needs. Understanding the Basics 5G , the fifth generation of mobile networks, offers incredibly fast download and upload speeds, reduced latency, and the ability to connect more devices simultaneously. It is designed to provide seamless connectivity in urban areas and can support applications such as autonomous vehicles and smart cities. Wi-Fi 6 , on the other hand, is the latest iteration of wireless local area networks (WLAN). It brings enhanced performance in crowded environments, faster speeds, and im...
Post a Comment
Read more

The Future of Artificial Intelligence

The Future of Artificial Intelligence The Future of Artificial Intelligence Artificial Intelligence (AI) has become one of the most transformative technologies of our time, reshaping industries and enhancing our daily lives. As we look towards the future, AI's potential seems limitless, promising advancements that could revolutionize everything from healthcare to transportation. 1. Healthcare Revolution AI is set to play a pivotal role in healthcare, with innovations in diagnostics, personalized medicine, and patient care. Machine learning algorithms can analyze vast amounts of medical data, leading to earlier and more accurate diagnoses. For instance, AI can assist in identifying diseases from medical imaging with remarkable precision. Additionally, AI-driven tools can tailor treatment plans to individual patients, taking into account genetic information and lifestyle factors. 2. Autonomou...
Post a Comment
Read more