Australian Websites - Promote Your URL

All times are UTC + 10 hours [ DST ]




 Post subject: What is SQL Injecting?
Posted: 21-02-2010 05:02 PM
Ghost Writer

Joined: 21-02-2010 04:02 PM
Posts: 30
Hello my fellow programmers,

Can anybody shed some light on the topic of SQL injecting? I came across this term while reading a book about vulnerable forums, but I don't know much about it. It's about forum security or something related, I guess. I'm not sure, though. Please let me know.

Thanks.

_________________
Free Press Release


 
 Post subject: Re: What is SQL Injecting?
Posted: 21-02-2010 05:02 PM
Site Admin

Joined: 06-02-2010 10:02 PM
Posts: 153
I think what happens is that via inputs on the page, by placing special characters in the fields and submitting the webpage form, you can affect SQL queries and, for example, delete all the data in your website's database...

Could be very painful, so I guess to overcome this type of attack, you need to validate the form submission.

_________________
Bulk Submissions for SEO services :: Dirstats - Dir of Dirs
----------------------------
Find Service Web Directory


 
 Post subject: Re: What is SQL Injecting?
Posted: 21-02-2010 06:02 PM
Ghost Writer

Joined: 21-02-2010 04:02 PM
Posts: 30
Thanks admin,

Yeah, you are right. This is mostly used in forum and bulletin board hacking. I read in the article that these guys use exploits to pass such queries to the databases of vulnerable forum boards to get personal information like user passwords (mostly those of admins). But thank god phpBB and vBulletin are strong enough to defend against this.

_________________
Free Press Release


 
 Post subject: Re: What is SQL Injecting?
Posted: 14-04-2011 09:04 PM
Noob Writer

Joined: 05-01-2011 05:01 PM
Posts: 22
SQL injection is a code injection technique that exploits a security weakness occurring in the database layer of an application. The weakness is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is implanted inside another. SQL injection attacks are also known as SQL insertion

_________________
Invoicera is an online invoicing and time tracking software which is specifically designed keeping simplicity and online invoicing convenience in mind.
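
Added example, not part of any post above and not phpBB's or vBulletin's code: the two weaknesses named in the last post (a quote character ending a string literal, and input that is not strongly typed) shown beside placeholder-based queries, using Python's built-in sqlite3. The table, function names and inputs are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database with two constructed forum accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pw_hash TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "admin", "hash-a"), (2, "alice", "hash-b")])
    return db

def find_by_name_unsafe(db, name):
    # Vulnerable: the input is pasted into the string literal, so a quote
    # character in `name` ends the literal and the rest is parsed as SQL.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]

def find_by_id_unsafe(db, user_id):
    # Vulnerable: no quotes involved; the "number" is never checked to be one.
    sql = "SELECT name FROM users WHERE id = " + user_id
    return [row[0] for row in db.execute(sql)]

def find_by_name_safe(db, name):
    # Placeholder: the driver passes `name` as data, never as SQL text.
    return [row[0] for row in db.execute(
        "SELECT name FROM users WHERE name = ?", (name,))]

def find_by_id_safe(db, user_id):
    # Strong typing first (int() raises ValueError on non-numbers), then bind.
    return [row[0] for row in db.execute(
        "SELECT name FROM users WHERE id = ?", (int(user_id),))]

# Constructed form inputs of the kind the posts describe.
QUOTE_INPUT = "nobody' OR '1'='1"
UNTYPED_INPUT = "0 OR 1=1"

if __name__ == "__main__":
    db = make_db()
    print(find_by_name_unsafe(db, QUOTE_INPUT))   # WHERE clause rewritten by input
    print(find_by_name_safe(db, QUOTE_INPUT))     # input treated as a literal name
    print(find_by_id_unsafe(db, UNTYPED_INPUT))   # WHERE clause rewritten by input
    try:
        find_by_id_safe(db, UNTYPED_INPUT)
    except ValueError as exc:
        print("rejected:", exc)
```

The safe variants never build SQL text from input, so no list of "special characters" has to be maintained.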

