SQL Injection

Discover how we can use prepared statements to protect ourselves from SQL injection attacks.

Little Bobby Tables

SQL injection falls under the Injection category (the same category that XSS falls under) in the OWASP Top Ten. This makes sense because, in both cases, the root cause is the same—blindly trusting user-provided data.

SQL injection occurs when hostile data is used directly in, or concatenated into, an SQL statement. The following statement is potentially dangerous because it opens us up to SQL injection attacks by trusting input that our users can supply directly:
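To make the difference concrete, here is an added example (written for this page, not the course's own code) that runs the concatenated form and the prepared-statement form side by side against a small in-memory SQLite table; the `users` table, its sample rows and the use of Python's `sqlite3` module are assumptions for the demonstration.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the lesson).
SAMPLE_USERS = [("alice", "alice@example.com"), ("bob", "bob@example.com")]


def make_db():
    """Build an in-memory database with an assumed `users` table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def find_user_unsafe(conn, name):
    """Vulnerable form: user input is concatenated straight into the SQL text,
    so the database parses whatever the user typed as part of the statement."""
    query = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, name):
    """Prepared statement: the SQL text is fixed and the value is bound by the
    driver, so the input is only ever treated as data, never as SQL."""
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


def compare(name):
    """Run both forms on the same input and return (unsafe_rows, safe_rows)."""
    conn = make_db()
    try:
        return find_user_unsafe(conn, name), find_user_safe(conn, name)
    finally:
        conn.close()


if __name__ == "__main__":
    # Ordinary input behaves the same either way.
    print(compare("alice"))
    # Input that changes the WHERE clause: the unsafe query now matches every
    # row, while the prepared statement simply finds no user with that name.
    print(compare("x' OR '1'='1"))
```

The point to notice is that the hardened version does not escape or filter the input at all; it keeps the statement and the data in separate channels, which is why prepared statements are the primary defence rather than string sanitising.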