SQL Injection ka Funda
Understand how SQL Injection works with Fullstackgada
More Diagrams
Follow for More
🔒 SQL Injection Attack Demo
Bhide ki Problem: Bhide ne user input ko seedha SQL query mein daal diya. Dekhte hain kaise hacker iska fayda uthata hai!
Server Log:
Login attempt ka wait kar raha hai...
🛡️ Protection ke Tareeke
Jethalal ka Solution: Prepared statements aur proper validation se SQL injection ko roka ja sakta hai.
// Prepared Statement Example (Safe)
const query = "SELECT * FROM Users WHERE username = ? AND password = ?";
db.prepare(query).get(username, hashedPassword);
// User input automatically escaped hota hai
// Input Validation
function validateInput(input) {
return input.replace(/['"\\;]/g, '');
// Dangerous characters hatao
}
1
Hamesha parameterized queries use karo
2
Passwords ko bcrypt/SHA-256 se hash karo
3
Sabhi user inputs ko validate karo
4
Jab possible ho, ORM tools use karo
💬 Jethalal aur Bhide ki Baat
🔍 Vulnerable vs Secure Code ki Takkar
| Aspect | ❌ Vulnerable Code | ✅ Secure Code |
|---|---|---|
| Query Building | String concatenation | Prepared statements |
| Input Handling | Direct insertion | Parameter binding |
| Password Storage | Plain text comparison | Hashed comparison |
| Risk Level | 🔴 High (Pura bypass) | 🟢 Low (Attack block) |