Recall & Review
beginner
What is SQL injection?
SQL injection is a security attack where an attacker inserts malicious SQL code into a query to manipulate the database.
Click to reveal answer
beginner
How does SQL injection exploit a query?
It exploits queries by inserting extra SQL commands into input fields that are not properly checked, changing the query's behavior.
Click to reveal answer
beginner
Why is using user input directly in SQL queries dangerous?
Because attackers can add SQL code in the input, which the database runs, leading to data leaks or damage.
Click to reveal answer
intermediate
What is a common way to prevent SQL injection?
Use prepared statements or parameterized queries that separate code from data, so input can't change query structure.
Click to reveal answer
intermediate
Example: What happens if input is ' OR '1'='1 in a login query?
It changes the query to always be true, letting attackers bypass login without a password.
Click to reveal answer
What does SQL injection allow an attacker to do?
✗ Incorrect
SQL injection lets attackers run unauthorized SQL commands by inserting malicious code.
Which practice helps prevent SQL injection?
✗ Incorrect
Prepared statements separate code from data, stopping malicious input from changing queries.
What is a sign of a vulnerable SQL query?
✗ Incorrect
Directly inserting user input without checks can let attackers inject SQL code.
What can happen if SQL injection is successful?
✗ Incorrect
Attackers can steal or delete data by exploiting SQL injection vulnerabilities.
Which input could be used in SQL injection to bypass login?
✗ Incorrect
The input ' OR '1'='1 changes the query logic to always true, bypassing login checks.
Explain how SQL injection exploits a database query.
Think about how attackers use input fields to change what the database does.
You got /4 concepts.
Describe methods to prevent SQL injection attacks.
Focus on how to keep code and data separate in queries.
You got /4 concepts.