Antipattern: Execute Unverified Input As Code
Let’s learn what problems occur when unverified input is executed as code.
An SQL injection happens when we interpolate some content into an SQL query string, and the content modifies the syntax of our query in ways we didn’t intend. In the classic example of SQL injection, the value we interpolate into our string finishes the SQL statement and executes a second complete statement. For instance, if the value of the $bug_id variable is 1234; DELETE FROM Bugs, the resulting SQL shown earlier would look like this:
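The effect described above, as an added example that is not part of the original lesson: it interpolates the value from the text into a query and compares the result with passing the same value as a bound parameter. The query text, the Bugs schema, the sample rows and the use of Python with sqlite3 are assumptions made for illustration, since the earlier query is not shown on this page.

```python
import sqlite3

# Value from the text above, used as constructed sample input.
PAYLOAD = "1234; DELETE FROM Bugs"

def make_db():
    # Constructed in-memory database; schema and rows are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Bugs (bug_id INTEGER PRIMARY KEY, summary TEXT)")
    db.executemany("INSERT INTO Bugs VALUES (?, ?)",
                   [(1234, "crash on save"), (5678, "typo in help")])
    db.commit()
    return db

def interpolated_sql(bug_id):
    # Antipattern: the input is pasted into the SQL text, so it can add syntax.
    return f"SELECT * FROM Bugs WHERE bug_id = {bug_id}"

def run_interpolated(db, bug_id):
    # executescript() accepts several ';'-separated statements, like database
    # drivers that allow stacked queries. Returns the rows left in Bugs.
    db.executescript(interpolated_sql(bug_id))
    return db.execute("SELECT COUNT(*) FROM Bugs").fetchone()[0]

def run_parameterized(db, bug_id):
    # The value travels separately from the SQL text and is only compared as
    # data; it cannot end the statement or start a new one.
    rows = db.execute("SELECT * FROM Bugs WHERE bug_id = ?",
                      (bug_id,)).fetchall()
    remaining = db.execute("SELECT COUNT(*) FROM Bugs").fetchone()[0]
    return rows, remaining

if __name__ == "__main__":
    print("interpolated SQL:", interpolated_sql(PAYLOAD))
    print("rows left after interpolated query:",
          run_interpolated(make_db(), PAYLOAD))
    print("parameterized (rows, rows left):",
          run_parameterized(make_db(), PAYLOAD))
```

With the bound parameter the whole string is compared against bug_id as a single value, so no row matches and the table keeps both rows.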