2.1.15. SQL Queries

  • Produces a relation/set of tuples
  • Can be used to extract a single tuple
  • e.g. SELECT bday, age FROM student WHERE fname='Tim' AND lname='Smith'
    • Result = (13-05-80, 20)
  • Argument quoting (')
    • SQL poisoning
    • Not null
    • Not numeric values
  • MySQL Attribute quoting (`)
    • Hypothetical attribute `all`, all, and ALL

SQL poisoning is a vulnerability exposed by inadequate escaping of arguments/variables used to compose SQL queries.

E.g. Tim in the previous example could instead be supplied as: Tim'; DELETE FROM student;' SELECT * FROM student WHERE 1
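The query from the notes composed without escaping, beside a parameterized form, as an added example that is not part of the original notes. Assumptions: Python's sqlite3 stands in for MySQL, `executescript` models a driver that accepts several statements in one call, and the function names, the table columns' types and the second row are constructed for illustration.

```python
import sqlite3

# Payload exactly as given in the notes above.
PAYLOAD = "Tim'; DELETE FROM student;' SELECT * FROM student WHERE 1"

def make_db():
    """Constructed sample table matching the SELECT example in the notes."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE student (fname TEXT, lname TEXT, bday TEXT, age INTEGER)")
    db.executemany("INSERT INTO student VALUES (?, ?, ?, ?)",
                   [("Tim", "Smith", "13-05-80", 20),
                    ("Ann", "Jones", "02-11-81", 19)])  # second row is constructed
    db.commit()
    return db

def rows_left(db):
    """Number of rows still in the student table."""
    return db.execute("SELECT COUNT(*) FROM student").fetchone()[0]

def compose_unsafe(fname, lname):
    """Vulnerable: arguments are pasted between the quotes with no escaping."""
    return ("SELECT bday, age FROM student "
            "WHERE fname='%s' AND lname='%s'" % (fname, lname))

def run_unsafe(db, fname, lname):
    """Run the composed text as a multi-statement script; return rows left."""
    try:
        db.executescript(compose_unsafe(fname, lname))
    except sqlite3.Error:
        # With the payload, the trailing fragment fails to parse,
        # but only after the statements before it have already run.
        pass
    return rows_left(db)

def lookup_safe(db, fname, lname):
    """Hardened: placeholders keep the arguments as data, never as SQL text."""
    cur = db.execute("SELECT bday, age FROM student WHERE fname=? AND lname=?",
                     (fname, lname))
    return cur.fetchall()

if __name__ == "__main__":
    print(compose_unsafe(PAYLOAD, "Smith"))
    print("rows after unsafe query:", run_unsafe(make_db(), PAYLOAD, "Smith"))
    db = make_db()
    print("safe lookup, poisoned input:", lookup_safe(db, PAYLOAD, "Smith"))
    print("safe lookup, normal input:", lookup_safe(db, "Tim", "Smith"))
    print("rows after safe queries:", rows_left(db))
```

With placeholders the poisoned value is compared as a literal first name, matches no row, and the table is left intact.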