How SQL Injection Works
Let's get a deeper understanding of how SQL works with some examples.
We'll cover the following
Our code works under ideal inputs, but does it stand up to malicious use? The wildcard parameter to
generateWildcardSQLForJournalEntrySearch is controlled by the attacker.
How much influence can the attacker have over the generated SQL by just controlling the wildcard parameter? Just like the knock-knock joke from the beginning of this chapter, this SQL statement was written with a mental model of a template where user input fits into one part and stays in its place to create a full statement. Can the attacker-controlled input break out of that template and alter the structure of the overall statement? What keeps the attacker-controlled wild card in its part of the statement? The answer is the percent signs. What would happen if the attacker-controlled wildcard contained a percent sign?
generateWildcardSQLForJournalEntrySearch(1, "lindy hop%");
will generate this response: