Skip to main content

SQL Injection kese kaam krta he🤔




 SQL Injection ek technique hai jo attacker ko ek database mein unauthorized access ya manipulation karne ka moka deti hai. Yeh tab hota hai jab koi application user ke input ko SQL query mein directly use karti hai bina us input ko sanitize kiye. Aise mein, agar attacker apne input mein malicious SQL code inject kar de, toh woh database ke data ko access, modify, delete ya manipulate kar sakta hai.

Kaise Kaam Karta Hai

  1. Vulnerable Input Field: Jab kisi website mein koi input field ho (jaise username ya password), aur woh input directly SQL query mein bina sanitize kiye use ho, toh woh vulnerable hoti hai.

  2. SQL Query Manipulation: Attacker usually input ke sath SQL syntax add karta hai, jo existing query ko manipulate karti hai. Example:

    sql

    SELECT * FROM users WHERE username = 'user' AND password = 'password';

    Agar attacker username field mein user' OR '1'='1 daal de, toh query kuch aise ban jayegi:

    sql

    SELECT * FROM users WHERE username = 'user' OR '1'='1' AND password = 'password';

    Yeh query "OR '1'='1'" ki wajah se hamesha true return karti hai, jo database ko unauthorized access dene ka moka deti hai.

  3. Database Commands: Advanced level par, attacker UNION, DROP TABLE, ya -- jaise commands bhi use kar sakta hai jo database ko manipulate ya damage kar sakti hain.

SQL Injection Se Bachav Kaise Kare

  1. Parameterized Queries (Prepared Statements): Yeh queries input ko as a data treat karti hain, code ke taur par nahi. Jaise:


    cursor.execute("SELECT * FROM users WHERE username = ? AND password = ?", (username, password))

  2. Input Sanitization: Har user input ko sanitize kare, special characters ko escape karein aur input validate karein.

  3. Error Messages ko Limit Karna: SQL errors ko generic banayein taake attacker ko zyada details na mil sakein.

  4. Database Permissions ko Limit Karna: Database user permissions ko restrict karein taake agar SQL injection ho bhi jaaye, toh damage minimum ho.

SQL Injection ko effectively roknay ke liye yeh best practices follow karna zaroori hai.

Comments

Post a Comment

Popular posts from this blog

2024 ke Best Smartphones: Kya Kharidna Chahiye? 2024 ke Best Smartphones: Kya Kharidna Chahiye? Introduction 2024 mein smartphones ki duniya mein bahut saari innovations aur upgrades dekhe gaye hain. Har brand apne naye models ke sath market mein utar raha hai, jo technology, design, aur features mein behtareen hain. Aaj hum kuch best smartphones ki list banayenge jo aapke liye perfect ho sakte hain. 1. Apple iPhone 15 Pro Max Price: ₹1,49,900 (Starting) 6.7-inch Super Retina XDR display A17 Bionic chip for unmatched performance Advanced camera system with 5x optical zoom Long-lasting battery life with fast charging support Why Choose It? iPhone 15 Pro Max best performance, build quality, aur ecosystem ka combination offer karta hai, jo Apple fans ke liye perfect hai. 2. Samsung Galaxy S24 Ultra Price: ₹...
Post a Comment
Read more
5G vs. Wi-Fi 6: Which is Better for You? 5G vs. Wi-Fi 6: Which is Better for You? As technology evolves, the debate between 5G and Wi-Fi 6 becomes increasingly relevant. Both technologies promise faster internet speeds and improved connectivity, but they serve different purposes and use cases. In this article, we'll explore the unique features of each technology and help you determine which is better suited for your needs. Understanding the Basics 5G , the fifth generation of mobile networks, offers incredibly fast download and upload speeds, reduced latency, and the ability to connect more devices simultaneously. It is designed to provide seamless connectivity in urban areas and can support applications such as autonomous vehicles and smart cities. Wi-Fi 6 , on the other hand, is the latest iteration of wireless local area networks (WLAN). It brings enhanced performance in crowded environments, faster speeds, and im...
Post a Comment
Read more

Best Phones Under 20,000 INR

Best Phones Under 20,000 INR Best Phones Under 20,000 INR Finding a quality smartphone within a budget of 20,000 INR can be challenging, but several excellent options are available in this price range. Whether you’re looking for great performance, a solid camera, or long battery life, this list has you covered. Here are some of the best smartphones you can buy under 20,000 INR. 1. Xiaomi Redmi Note 12 Price: ₹16,499 The Xiaomi Redmi Note 12 offers a stunning display, impressive camera capabilities, and a powerful Snapdragon processor. With a large 5,000mAh battery, you can enjoy all-day usage without worrying about recharging. 2. Realme 10 Price: ₹17,999 The Realme 10 features a sleek design and a MediaTek Helio G99 processor that ensures smooth performance for gaming and multitasking. The 50MP dual-camera setup captures vibrant photos, making it a great choice for photography enthusiasts. 3. Samsung Gala...
Post a Comment
Read more