Out of all the attacks that happen in the wild on the internet, there is nothing that can embarrass a programmer more than having an SQL Injection attack done to them. And I am talking about a lot of different attacks. There are more dangerous attacks out there but yet for some reason most programmers hate to be caught with their pants down when it comes to an SQL Injection attack.
Some people might ask why is that one so bad compared to the others that are out there?
The reason why is simple. Because there are no other attacks that you are prepped against more than an SQL injection attack. If you are a modern day programmer the first thing that you learn how to stop is an SQL Injection attack. So for you as a programmer to be taken down by one can be quite embarrassing and make the people who employ you think less about your skills. But what is an SQL injection attack? Let’s find out.
An SQL Injection attack is when an attacker goes after the database on your system. They are able to do this by placing a piece of code inside one of the forms that is on your web site. They either do this by writing the code directly or in the form of a Hexadecimal number. Once it is in the system it will issue the database a command that usually only the person running the site can issue. It is an old school but very effective form of attack but like I said earlier, it is one that should be easy to stop.
There are certain functions available in today’s modern programming language that are there just for the purpose of stopping this kind of an attack. You use the code to filter out any data that is placed in the form of your web site and it should be able to stop any malicious data from coming in. And that is why it is embarrassing when something like this happens. It is a programming mistake and the attacker got lucky.