SQL injection
From Wikipedia, the free encyclopedia
Computer hacking technique