Overview
- Bug Type: SQL injection
- Category: Security
Definition
Untrusted input is concatenated into the text of an SQL statement, so an attacker who controls that input can change the structure of the query rather than just its values, and thereby read, modify, or delete data the application never intended to expose.
How to fix SQL injection?
- Use parameterized queries (prepared statements) or ORM bind variables, so the input is sent to the database as a value and is never interpreted as part of the statement.
- Avoid building SQL by string concatenation or formatting. Where a value cannot be bound (table or column names, sort direction), map it through an allow-list instead.
- Run the application with a least-privilege database account, so a successful injection cannot reach tables or statements the feature does not need.
- Validate inputs as defence in depth, not as the primary control; validation alone is easy to bypass.
- Add tests that send injection payloads (a lone quote, OR '1'='1, UNION SELECT) through each query path and assert they are treated as literal values.
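The following is an added example, not code from the original page. It puts the same lookup in its injectable form (string concatenation) beside its parameterized form, runs both against a small in-memory SQLite table with constructed sample users, and shows how to turn the fix into a regression test with the payloads listed above. The table, users, payloads and function names are all assumptions for the demonstration; the technique applies to any driver that supports bound parameters.

```python
"""Added example (not from the original page): string-built SQL beside a
parameterized query, exercised with classic injection payloads on SQLite."""
import sqlite3

# Constructed sample data; hypothetical users and roles for the demo only.
USERS = [
    ("alice", "s3cret", "user"),
    ("bob", "hunter2", "admin"),
]

# Payloads a regression test should send through every query path.
PAYLOAD = "' OR '1'='1"                                   # always-true WHERE clause
UNION_PAYLOAD = "x' UNION SELECT password, username FROM users --"  # reads another column


def make_db():
    """Build an in-memory database with the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    return conn


def lookup_vulnerable(conn, username):
    """Untrusted input concatenated into the statement text.

    A quote in the input closes the string literal and everything after it
    is parsed as SQL, so the attacker rewrites the query's logic.
    """
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    """Same lookup with a bound parameter.

    The statement text is fixed; the driver passes the value separately, so
    quotes, OR and UNION in the input are only ever compared as characters.
    """
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def raises_db_error(conn, lookup_fn, username):
    """True if the lookup makes the database raise an error for this input.

    A syntax error on a lone quote is the classic symptom of injectable code;
    the parameterized version simply finds no such user.
    """
    try:
        lookup_fn(conn, username)
    except sqlite3.DatabaseError:
        return True
    return False


if __name__ == "__main__":
    conn = make_db()
    print("vulnerable, OR payload   :", lookup_vulnerable(conn, PAYLOAD))
    print("safe, OR payload         :", lookup_safe(conn, PAYLOAD))
    print("vulnerable, UNION payload:", lookup_vulnerable(conn, UNION_PAYLOAD))
    print("safe, UNION payload      :", lookup_safe(conn, UNION_PAYLOAD))
    print("vulnerable raises on quote:", raises_db_error(conn, lookup_vulnerable, "'"))
    print("safe raises on quote      :", raises_db_error(conn, lookup_safe, "'"))
```

Running it, the concatenated query returns every user for the OR payload and leaks the password column for the UNION payload, while the bound-parameter query returns no rows for either, because no user is literally named after the payload. A lone quote makes only the concatenated version raise a syntax error, which is the error-message symptom listed in the next section and a cheap assertion to keep in a test suite.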
Symptoms
Observable signs that may indicate SQL injection:
- Unexpected rows returned, or logins and privilege levels that change, after a request carrying user-controlled input.
- Database error messages reporting a syntax error near a quote character, or echoing UNION/SELECT fragments that came from the input.
- For blind injection, response times that differ when a conditional delay (a sleep/delay call) is injected, even though the page content does not change.
Example Errors:
- SQL syntax error near '...'
- ORA-00933: SQL command not properly ended
- PostgreSQL error: unterminated quoted string