How SQL Injection Works

Let's get a deeper understanding of how SQL works with some examples.

Our code works under ideal inputs, but does it stand up to malicious use? The wildcard parameter to generateWildcardSQLForJournalEntrySearch is controlled by the attacker.

How much influence can the attacker have over the generated SQL by controlling only the wildcard parameter? Just like the knock-knock joke from the beginning of this chapter, this SQL statement was written with a mental model of a template: user input fits into one part and stays in its place to form a full statement. Can the attacker-controlled input break out of that template and alter the structure of the overall statement? What keeps the attacker-controlled wildcard in its part of the statement? The answer is the percent signs. What would happen if the attacker-controlled wildcard itself contained a percent sign?

Calling this:

generateWildcardSQLForJournalEntrySearch(1, "lindy hop%");

will generate this response:

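The lesson does not show the body of generateWildcardSQLForJournalEntrySearch, so the following is an added example, not the lesson's own code: it assumes the query filters journal entries by owner and a LIKE pattern built from the wildcard, builds that query two ways (the concatenated template described above and a parameterized form that escapes LIKE metacharacters), and runs both against a constructed SQLite table so the effect of a percent sign in the wildcard can be observed.

```python
import sqlite3

# Assumed table shape (the lesson does not show it) and constructed sample rows.
TABLE_SQL = ("CREATE TABLE journal_entries ("
             "id INTEGER PRIMARY KEY, user_id INTEGER, body TEXT)")
ROWS = [(1, 1, "lindy hop class tonight"),
        (2, 1, "lindy hop"),
        (3, 1, "lindy hop% done"),      # body that literally contains '%'
        (4, 2, "lindy hop practice")]   # belongs to another user


def generate_wildcard_sql_template(user_id, wildcard):
    """Template-style construction as the lesson describes it: the wildcard is
    spliced between two percent signs by plain string concatenation."""
    return ("SELECT id FROM journal_entries WHERE user_id = " + str(user_id)
            + " AND body LIKE '%" + wildcard + "%' ORDER BY id")


def search_template(conn, user_id, wildcard):
    sql = generate_wildcard_sql_template(user_id, wildcard)
    return [row[0] for row in conn.execute(sql)]


def escape_like(term):
    # Make LIKE metacharacters match literally; backslash is the ESCAPE char.
    return (term.replace("\\", "\\\\")
                .replace("%", "\\%")
                .replace("_", "\\_"))


def search_parameterized(conn, user_id, wildcard):
    """Hardened form: the statement is fixed, values travel as bound
    parameters, and the user's own '%' cannot widen the pattern."""
    sql = ("SELECT id FROM journal_entries WHERE user_id = ? "
           "AND body LIKE ? ESCAPE '\\' ORDER BY id")
    pattern = "%" + escape_like(wildcard) + "%"
    return [row[0] for row in conn.execute(sql, (user_id, pattern))]


def setup():
    conn = sqlite3.connect(":memory:")
    conn.execute(TABLE_SQL)
    conn.executemany("INSERT INTO journal_entries VALUES (?, ?, ?)", ROWS)
    return conn


if __name__ == "__main__":
    db = setup()
    print(generate_wildcard_sql_template(1, "lindy hop%"))
    print("template     :", search_template(db, 1, "lindy hop%"))
    print("parameterized:", search_parameterized(db, 1, "lindy hop%"))
```

With the wildcard "lindy hop%", the template version returns every entry containing "lindy hop" because the user's percent sign becomes part of the pattern, while the parameterized version returns only the entry that literally contains "lindy hop%".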