When you build standard Transact-SQL queries from user input, it is easy to unknowingly let rogue code into your query that could be used to alter tables, read information and delete data.
You can easily prevent this by always using parameterised queries; most web languages have this feature and it is easy to implement.
Ensure you keep your dependencies up to date, and use tools like Gemnasium to get automatic notifications when a vulnerability is announced in one of your components.
SQL injection attacks occur when an attacker uses a web form field or URL parameter to gain access to or manipulate your database.
Consider this query: Since '1' is equal to '1' this will allow the attacker to add an additional query to the end of the SQL statement which will also be executed.
You could fix this query by explicitly parameterising it.
You may not think your site has anything worth being hacked for, but websites are compromised all the time.
The majority of website security breaches are not to steal your data or mess with your website layout, but instead attempts to use your server as an email relay for spam, or to set up a temporary web server, normally to serve files of an illegal nature.