SQL Injection Tutorial — Step-by-Step Guide with Examples | Vaarta
Learn SQL injection attacks step-by-step. Union-based, error-based, and blind SQLi techniques with real examples, detection methods, and prevention.
What is SQL Injection?
SQL injection (SQLi) is a code injection technique that exploits vulnerabilities in database-driven applications. It occurs when untrusted user input is concatenated into an SQL query string without escaping or parameterization, so the database cannot distinguish the intended query from attacker-supplied SQL.
Why SQL Injection is Dangerous
How SQL Injection Works
Basic Authentication Bypass
**Vulnerable Code**:
```sql
SELECT * FROM users WHERE username = '$input' AND password = '$pass'
```
**Attack Input**:
```
Username: admin' OR '1'='1' --
Password: anything
```
**Resulting Query**:
```sql
SELECT * FROM users WHERE username = 'admin' OR '1'='1' --' AND password = 'anything'
```
The `--` comments out the password check, and `OR '1'='1'` is always true, so the query matches every row and the login succeeds without a valid password.
Union-Based SQLi
**Attack**:
```sql
' UNION SELECT username, password FROM users --
```
**Result**: Returns all usernames and passwords
Error-Based SQLi
**Attack** (Microsoft SQL Server syntax):
```sql
' AND 1=CONVERT(int, (SELECT TOP 1 table_name FROM information_schema.tables)) --
```
**Result**: Database structure leaked through error messages
Blind SQLi
**Attack**: Boolean-based
```sql
' AND 1=1 -- (true - page loads normally)
' AND 1=2 -- (false - page behaves differently)
```
**Attack**: Time-based (Microsoft SQL Server syntax)
```sql
'; WAITFOR DELAY '0:0:5' -- (5 second delay if vulnerable)
```
Real-World Examples
Heartland Payment Systems (2008)
Sony Pictures (2011)
TalkTalk (2015)
Detection Methods
1. Manual Testing
Try these inputs in login forms:
```
' OR '1'='1
admin' --
' UNION SELECT NULL --
```
2. Automated Tools
3. Code Review
Look for:
Prevention
1. Parameterized Queries (Best)
```python
# %s is the placeholder style of drivers such as psycopg2 and MySQLdb; the driver
# binds the value separately, so it is never spliced into the SQL string.
cursor.execute("SELECT * FROM users WHERE username = %s", (username,))
```
2. ORM Usage
```python
# Django ORM: the ORM builds a parameterized query behind the scenes.
User.objects.filter(username=username)
```
3. Input Validation
```python
import re

# Allow-list check: reject anything that is not alphanumeric or underscore.
if not re.match("^[a-zA-Z0-9_]+$", username):
    raise ValueError("Invalid username")
```
4. Stored Procedures
```sql
-- T-SQL. Safe only because @username is used as a bound parameter; building
-- dynamic SQL from it inside the procedure (e.g. via EXEC) would reintroduce SQLi.
CREATE PROCEDURE GetUser @username NVARCHAR(50)
AS
SELECT * FROM users WHERE username = @username
```
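A runnable comparison of the article's vulnerable pattern with the parameterized and validated forms above. This is an added example, not code from the article or from Vaarta; it assumes Python's built-in sqlite3 as a stand-in for the real DBMS (its placeholder is `?` rather than the `%s` shown above) and a constructed one-row users table.

```python
import re
import sqlite3

# Constructed sample data: sqlite3 stands in for the real DBMS (assumption),
# and its bind placeholder is '?' rather than the '%s' used by psycopg2/MySQLdb.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 's3cret')")
    return conn

def login_vulnerable(conn, username, password):
    """The article's vulnerable pattern: input spliced into the SQL string."""
    query = (f"SELECT * FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    return conn.execute(query).fetchone() is not None

def login_parameterized(conn, username, password):
    """Hardened form: the driver binds the values, so quotes and -- stay data."""
    query = "SELECT * FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None

USERNAME_RE = re.compile(r"^[a-zA-Z0-9_]+$")

def login_validated(conn, username, password):
    """Allow-list validation in front of the parameterized query (defence in depth)."""
    if not USERNAME_RE.match(username):
        raise ValueError("Invalid username")
    return login_parameterized(conn, username, password)

def demo():
    """Run the article's attack input against all three versions and report."""
    conn = make_db()
    attack_user, attack_pass = "admin' OR '1'='1' --", "anything"
    try:
        validated = login_validated(conn, attack_user, attack_pass)
    except ValueError:
        validated = "rejected"
    return {
        "vulnerable": login_vulnerable(conn, attack_user, attack_pass),        # True: bypass
        "parameterized": login_parameterized(conn, attack_user, attack_pass),  # False
        "validated": validated,                                                # "rejected"
        "legit": login_parameterized(conn, "admin", "s3cret"),                 # True
    }

if __name__ == "__main__":
    print(demo())
```

Only the string-built query accepts the bypass; the bound query treats the whole input as a username that does not exist, and the allow-list rejects it before any query runs.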
Vaarta.space and SQLi
While our scanner focuses on DNS, SSL, and headers, understanding SQLi helps you:
Conclusion
SQL injection is preventable. Use parameterized queries, validate input, and test regularly.