====== SQL Injection Attack ======

Put simply, an SQL injection attack is an attempt to pass malicious code or other data to an underlying SQL RDBMS. Typically this is facilitated through code that blindly places user input into SQL statements.

===== Exploited Vulnerability =====

  * [[security:functions:database_functions|Database functions]]

===== Additional Information =====

  * See [[security:web application security]] and [[catalog|security attacks catalog]].
  * [[http://www.spidynamics.com/whitepapers/Blind_SQLInjection.pdf|Blind SQL Injection (PDF)]]
  * [[http://www.spidynamics.com/whitepapers/WhitepaperSQLInjection.pdf|SQL Injection]]
  * [[http://www.php.net/manual/en/security.database.php|PHP Security: Database Security]]
  * [[http://www.phpsecure.info/v2/article/InjSql.php|MySQL Injection (French)]]