Product
Features Why Beagle Security? API Security Testing GraphQL Security Testing DevSecOps Compliance Cosmog: Private Tunnel WordPress Security Testing OWASP Security Testing Free Security Testing
Solutions
Pricing
Free tools
Website Security Assessment SSL Certificate Checker Domain Expiry Checker
Resources
Blog Developer Docs Help Center Guides Whitepapers Vulnerability Index Partners
Product tour
Blog Home
SQL Injection
04 Jul 2018

Inline Queries SQL Injection (SQLi)

04 Jul 2018
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C3 CAPEC-66 CWE-89 HIPAA-164.306(a) & HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05

When a string is written in the code instead of in a table in the database, it is referred to as “inline SQL”. The best way is to use string objects to build a query based on user input from the front end. Inline SQL exposes the command to SQL injection. The outcome can have catastrophic repercussions on the server including massive data breach.

Example

The below code is an example of an inline structure.

        $query = 'select usrnme, passwrd from User where user_id='. $_POST['user_id'];

Here user_id is taken from the textbox. This technique leaves the door open for attackers to attack. Using this query with SQLi, an attacker could potentially gain access to the administrator’s credentials.

Impact and Fixes

PRODUCT TOUR



Latest Articles

What are the common REST API security vulnerabilities?
March 8 2023
The 7 Best Veracode Alternatives in the Market Today
February 6 2023
DAST vs SAST: What are the differences and how to combine them
January 26 2023
Internal Penetration Testing: The Definitive Guide [2023]
January 19 2023
The Role of Bug Tracking in Ensuring Your Web Application's Security
January 11 2023

Explore morearrow



Popular in Injection

WordPress Authenticated SQL Injection
June 29 2022
SQL injection(SQLi)
May 4 2022
Union Query SQL Injection (SQLi)
July 4 2018
Stacked Queries SQL Injection (SQLi)
July 4 2018
Inline Queries SQL Injection (SQLi)
July 4 2018

Explore morearrow

Categories

Client Side URL Redirect Cookies Attributes IBM SQL injection injection Time Based Blind SQL Injection SSL Injection CRLF Content Security Policy CSRF HSTS CORS Information Leakage status code SRI metadata X-XSS-Protection owasp XSS Clickjacking Cookies Directory traversal DOM XSS Blind SQL Injection SQL Injection XML Injection blog TLS WordPress web security SMB Cyber attacks AI Web server Wordpress Data Security DOMECTF2020 Container security CMS Security Code Execution Content security policy Htaccess Bypass DOMECTF2021 Press Webinar RFI DevSecOps Web Security Cyber Attacks DOMECTF2022 openssl HTTP headers Compliance AppSec
Related Articles
WordPress Authenticated SQL Injection
SQL Injection
WordPress Authenticated SQL Injection
29 Jun 2022
SQL injection(SQLi)
SQL Injection
SQL injection(SQLi)
04 May 2022
Union Query SQL Injection (SQLi)
SQL Injection
Union Query SQL Injection (SQLi)
04 Jul 2018
Stacked Queries SQL Injection (SQLi)
SQL Injection
Stacked Queries SQL Injection (SQLi)
04 Jul 2018
Error based SQL Injection (SQLi)
SQL Injection
Error based SQL Injection (SQLi)
04 Jul 2018
Boolean based Blind SQL Injection (SQLi)
SQL Injection
Boolean based Blind SQL Injection (SQLi)
04 Jul 2018
WordPress SQL Injection
SQL Injection
WordPress SQL Injection
29 Jun 2018