// Vulnerable: request input is concatenated into the SQL text.
$selecteduser = $_GET['user'];
$sql = "SELECT Username, Key FROM Key " . "WHERE Username='$selecteduser'";
$rs = $db->executeQuery($sql);
What if ‘user’ is a malicious string that changes the meaning of the query?
Web browser -> Enter Username & password -> Web server -> SELECT password FROM USERS WHERE uname IS 'smith' -> Database
Example SQL Injection Attack
DROP TABLE USERS; --
Eliminates all user accounts. Everything after -- is ignored by DB.
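Added example (not from the original slides): the page's concatenated query beside a parameterized version, using PHP's PDO with an in-memory SQLite database. The table `Keys`, its columns, the sample rows and the test inputs are constructed for illustration, and the pdo_sqlite extension is assumed to be available.

```php
<?php
// Constructed schema and data; an in-memory database so nothing persists.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Keys (Username TEXT PRIMARY KEY, ApiKey TEXT)');
$pdo->exec("INSERT INTO Keys VALUES ('smith', 'k-smith'), ('jones', 'k-jones')");

// Vulnerable pattern from the page: the input becomes part of the SQL text.
// This helper only builds the string so the change in structure is visible;
// it is never executed here.
function buildConcatenated(string $user): string
{
    return "SELECT Username, ApiKey FROM Keys WHERE Username='$user'";
}

// Hardened form: the SQL text is fixed and the value is bound separately,
// so the database always treats it as data, never as SQL syntax.
function lookupKey(PDO $pdo, string $user): array
{
    $stmt = $pdo->prepare(
        'SELECT Username, ApiKey FROM Keys WHERE Username = :user'
    );
    $stmt->execute([':user' => $user]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a normal name, a legitimate name containing a quote,
// and a string modelled on the page's DROP TABLE example.
$inputs = ['smith', "O'Brien", "x'; DROP TABLE Keys; --"];

foreach ($inputs as $in) {
    echo "input:        $in\n";
    echo "concatenated: " . buildConcatenated($in) . "\n";
    echo "bound rows:   " . count(lookupKey($pdo, $in)) . "\n\n";
}

// The bound lookups never altered the table: both sample rows remain.
$count = $pdo->query('SELECT COUNT(*) FROM Keys')->fetchColumn();
echo "rows in Keys after all lookups: $count\n";
```

In the printed concatenated strings, the quote inside the input ends the string literal early and the rest is read as SQL; the bound lookups return one row for `smith` and none for the other two inputs.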