This interactive lesson defines an SQL injection as an attack that interrupts the processes by which websites programmed in PHP request (query) specific content from a database using the SQL programming language. Attackers exploit the poor web design/PHP code of some websites by using special characters as control structures to access, delete, change, or otherwise alter the database. The interactive lesson concludes with the main principles of SQL injection prevention.

This interactive lesson was made possible by funding from National Science Foundation Grant # DUE 1601612 at Brookdale Community College in Lincroft, New Jersey – PI Mike Qaissaunee, with contributions from Dr. John Sands & Susan Sands of Moraine Valley Community College and Jaime Mahoney of Bunker Hill Community College.

All Interactive Lessons