for project

1. Pre-defined SQL Statement
SELECT * FROM
tblBankRecords
WHERE userid = ‘" + userid + "’ ";
Malicious SQL
Code
userid=‘ OR ‘1’=‘1
User injects
malicious
SQL code
Application
constructs
SQL statement
Database executes
injected SQL
statement
Altered DB results
returned to user
SQL Injection: Original Sin
Malicious SQL Code
userid=JShmo
User input

2. Injected SQL Statement
SELECT * FROM tblBankRecords
WHERE userid = ‘’ OR ‘1’=‘1’
User injects
malicious
SQL code
Application
constructs
SQL statement
Database executes
injected SQL
statement
Altered DB results
returned to user
SQL Injection: Garbage In Garbage Out

3. Injected SQL Statement
SELECT * FROM tblBankRecords
WHERE userid = ‘’ OR ‘1’=‘1’
Manipulated
Database
Results
1==========
2==========
3==========
User injects
malicious
SQL code
Application
constructs
SQL statement
Database executes
injected SQL
statement
Altered DB results
returned to user
SQL Injection: execution

4. User injects
malicious
SQL code
Application
constructs
SQL statement
Database executes
injected SQL
statement
Altered DB results
returned to user
Manipulated
Database
Results
1==========
2==========
3==========
SQL Injection

5. 1: public boolean checkLogin() {
2:
3: // setup Connection object called conn
4:
5: String query = "SELECT Count(*) FROM Users WHERE
Username = '" + request.getParameter("user") + "'
AND Password = '" + request.getParameter("pass") + "'";
6:
7: Statement stmt = conn.createStatement();
8: ResultSet rs = stmt.executeQuery(query);
9:
10: // determine if authentication was successful
11: }
SQL Injection: in the code

6. The error and stack-dump:
A great Indication that you have a problem
SQL Injection