You may have heard the term “SQL Injection” often, or never before. So, what the heck is it? And why should I worry about it? Below I try to put in layman's terms what it is and why it is a bad thing.
In basic terms, it is a way to attack a website's database through the website itself: an attacker types SQL commands into the site's own input fields (a login box, a search box, a URL parameter), and if the site pastes that input straight into a query, the database ends up running the attacker's commands instead of just the site's.
First, I will explain a little bit about what SQL means.
What is SQL?
Is it an acronym for something? Yes. It stands for Structured Query Language. SQL itself is a language, not a database; the confusion comes from product names. Microsoft's SQL Server is a database product, and people often just call it a “SQL database”. You may have also heard of “MySQL”. That is a separate, free and open-source database that speaks its own dialect of SQL and offers much of the functionality that SQL Server does.
So, if SQL is the language, what about the other databases you may have heard about? Is Oracle vulnerable to this type of hacking? What about Access? Yes to both, and I will come back to why below.
The SQL language talks to the database objects, like tables. Examples of tables might include customer data or order data. SQL is a very powerful language. It can do a lot of things: read data, insert data, update data, delete data, perform complex calculations, create tables, drop tables and much more. Stored procedures and SQL functions are “mini-programs” that wrap a little or a lot of SQL together in one package that the database stores and runs on request.
I've programmed some complicated stored procedures and functions that do much more than simply return data from a table. It is a really COOL and powerful programming tool and I really like working with it. Oracle has an equally powerful procedural dialect of its own (PL/SQL), and Access has a far more limited one, but both are just as vulnerable to injection, because the hole is in how the website builds its queries, not in which database product sits behind it.
Since SQL is such a powerful language, if hackers find a hole in your website they could grab sensitive information: contact names, phone numbers, addresses, social security numbers, credit card data. The hole is almost always the same one: a page that takes what a visitor typed and glues it into a SQL statement without separating the data from the command. Once in, they could delete tables, or update tables with bad data such as pornography links or malware. They could even take down your website. Lawsuits could result from the stolen information. Yuck!
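To make that “hole” concrete, here is an added example (not code from the original post) in Python against an in-memory SQLite database with constructed sample rows. The table, column names, users and the login functions are assumptions made up for illustration. `login_vulnerable` pastes the visitor's input into the query text; `login_safe` sends the same input as a parameter so it can never change the statement.

```python
import sqlite3

# Constructed sample data: an in-memory SQLite database standing in for a
# website's customer table. Table, columns and row values are invented for
# this example.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users ("
        "id INTEGER PRIMARY KEY, username TEXT, password TEXT, ssn TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, ssn) VALUES (?, ?, ?)",
        [
            ("alice", "correct horse", "111-11-1111"),
            ("bob", "hunter2", "222-22-2222"),
        ],
    )
    return conn


def build_vulnerable_sql(username, password):
    # The hole: whatever the visitor typed is pasted straight into the SQL
    # text. A quote in the input ends the string literal early and the rest
    # of the input becomes part of the statement the database runs.
    return (
        "SELECT username, ssn FROM users "
        "WHERE username = '%s' AND password = '%s'"
    ) % (username, password)


def login_vulnerable(conn, username, password):
    # Returns every row the (possibly rewritten) query matches.
    return conn.execute(build_vulnerable_sql(username, password)).fetchall()


def login_safe(conn, username, password):
    # Parameterised query: the SQL text is fixed and the values travel
    # separately, so the input can only ever be compared, never executed.
    sql = "SELECT username, ssn FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    attack = "' OR '1'='1"      # classic login-bypass input, no valid password
    print("query the database actually sees:")
    print("  " + build_vulnerable_sql(attack, attack))
    print("vulnerable login returns:", login_vulnerable(conn, attack, attack))
    print("safe login returns:", login_safe(conn, attack, attack))
```

With the attack input, the vulnerable version hands the database `WHERE username = '' OR '1'='1' AND password = '' OR '1'='1'`, which is true for every row, so it returns every user's SSN without a single valid credential; the parameterised version returns nothing. The same hole lets an attacker append a `UNION SELECT` to read other tables, and on drivers that allow several statements per call, to run `DROP TABLE` or `UPDATE`, which is how the data theft and defacement described above actually happen. Python's `sqlite3` refuses stacked statements, which is why this example stops at the bypass.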