Skip to main content

SQL Injection kese kaam krta he🤔




 SQL Injection ek technique hai jo attacker ko ek database mein unauthorized access ya manipulation karne ka moka deti hai. Yeh tab hota hai jab koi application user ke input ko SQL query mein directly use karti hai bina us input ko sanitize kiye. Aise mein, agar attacker apne input mein malicious SQL code inject kar de, toh woh database ke data ko access, modify, delete ya manipulate kar sakta hai.

Kaise Kaam Karta Hai

  1. Vulnerable Input Field: Jab kisi website mein koi input field ho (jaise username ya password), aur woh input directly SQL query mein bina sanitize kiye use ho, toh woh vulnerable hoti hai.

  2. SQL Query Manipulation: Attacker usually input ke sath SQL syntax add karta hai, jo existing query ko manipulate karti hai. Example:

    sql

    SELECT * FROM users WHERE username = 'user' AND password = 'password';

    Agar attacker username field mein user' OR '1'='1 daal de, toh query kuch aise ban jayegi:

    sql

    SELECT * FROM users WHERE username = 'user' OR '1'='1' AND password = 'password';

    Yeh query "OR '1'='1'" ki wajah se hamesha true return karti hai, jo database ko unauthorized access dene ka moka deti hai.

  3. Database Commands: Advanced level par, attacker UNION, DROP TABLE, ya -- jaise commands bhi use kar sakta hai jo database ko manipulate ya damage kar sakti hain.

SQL Injection Se Bachav Kaise Kare

  1. Parameterized Queries (Prepared Statements): Yeh queries input ko as a data treat karti hain, code ke taur par nahi. Jaise:


    cursor.execute("SELECT * FROM users WHERE username = ? AND password = ?", (username, password))

  2. Input Sanitization: Har user input ko sanitize kare, special characters ko escape karein aur input validate karein.

  3. Error Messages ko Limit Karna: SQL errors ko generic banayein taake attacker ko zyada details na mil sakein.

  4. Database Permissions ko Limit Karna: Database user permissions ko restrict karein taake agar SQL injection ho bhi jaaye, toh damage minimum ho.

SQL Injection ko effectively roknay ke liye yeh best practices follow karna zaroori hai.

Comments

Post a Comment

Popular posts from this blog

SQL kya hai?

  1. SQL kya hai? Jawaab: SQL ka full form hai "Structured Query Language". Yeh ek aisi language hai jisse hum computer ko bol sakte hain ke database (jaise ek badi kitaab ya register jisme data hota hai) se kuch information nikaale, badle, ya naye data ko store kare. SQL zyada tar database manage karne ke liye use hoti hai, jaise MySQL aur SQL Server. 2. Primary Key kya hoti hai? Jawaab: Primary Key ek aisa khaas column hota hai jo table ke har record ko unique banata hai, yaani har row alag hoti hai. Yeh key kabhi repeat nahi hoti aur NULL bhi nahi hoti. Jaise ek class mein har student ka alag roll number hota hai, waise hi Primary Key ek unique ID banati hai. 3. SQL mein Joins kya hote hain? Aur inke types batao. Jawaab: Joins ka kaam do ya zyada tables ke records ko jodna hota hai. Jaise ek table mein students ke naam hain aur doosri mein unke marks, toh join se dono tables ke data ko ek saath dekh sakte hain. INNER JOIN: Sirf wahi rows lata hai jo dono tables mein m...
Post a Comment
Read more
2024 ke Best Smartphones: Kya Kharidna Chahiye? 2024 ke Best Smartphones: Kya Kharidna Chahiye? Introduction 2024 mein smartphones ki duniya mein bahut saari innovations aur upgrades dekhe gaye hain. Har brand apne naye models ke sath market mein utar raha hai, jo technology, design, aur features mein behtareen hain. Aaj hum kuch best smartphones ki list banayenge jo aapke liye perfect ho sakte hain. 1. Apple iPhone 15 Pro Max Price: ₹1,49,900 (Starting) 6.7-inch Super Retina XDR display A17 Bionic chip for unmatched performance Advanced camera system with 5x optical zoom Long-lasting battery life with fast charging support Why Choose It? iPhone 15 Pro Max best performance, build quality, aur ecosystem ka combination offer karta hai, jo Apple fans ke liye perfect hai. 2. Samsung Galaxy S24 Ultra Price: ₹...
Post a Comment
Read more
5G vs. Wi-Fi 6: Which is Better for You? 5G vs. Wi-Fi 6: Which is Better for You? As technology evolves, the debate between 5G and Wi-Fi 6 becomes increasingly relevant. Both technologies promise faster internet speeds and improved connectivity, but they serve different purposes and use cases. In this article, we'll explore the unique features of each technology and help you determine which is better suited for your needs. Understanding the Basics 5G , the fifth generation of mobile networks, offers incredibly fast download and upload speeds, reduced latency, and the ability to connect more devices simultaneously. It is designed to provide seamless connectivity in urban areas and can support applications such as autonomous vehicles and smart cities. Wi-Fi 6 , on the other hand, is the latest iteration of wireless local area networks (WLAN). It brings enhanced performance in crowded environments, faster speeds, and im...
Post a Comment
Read more