sql injection

hi friends abhilash here

in this post you will learn some basic of sql injection

at first  what is SQL and SQLi ?


SQL is the shot for "structured query language".This language is needed to communicate with the database .                                                        
 A query is a set of instruction sent to the database which searches the   corresponding data in the database.


SQLi is a hacking technique use to use the database without any authorization


there are many ways of finding SQLi vulnerable site 

you can search using dorks that i have posted before

now i will demonstrate a simple example of SQL injection

let see an example

 http://www.xyz.com/details.php?id=10

now we have to check the site is vulnerable or not by just adding a single quote at the last of the url 

now the url becomes  

http://www.xyz.com/details.php?id=10'

if you find some data is missing on the page than that site is vulnerable to

 SQL injection 

an SQLi vulnerable site looks like this