SQL
Revision by Dan Tobias
Revision as of 12:11, 22 July 2014
SQL (Structured Query Language) is a database query language initially developed at IBM in the 1970s. It was originally called SEQUEL, but IBM changed the name due to a trademark conflict with another company. It is currently very popular as an interface language for relational database systems. Although it is officially standardized (ISO/IEC 9075, ISO/IEC 13249), SQL still has a number of incompatible "dialects", reminiscent of BASIC in its heyday.
SQL is frequently encountered in the form of queries sent to databases by programs in other languages, but it is a programming language in its own right with constructs sufficient to create large and complicated routines.
"SQL injection" is a security issue with a number of poorly-developed systems and websites, if user input is not properly sanitized before inserting it into SQL statements for database operations. "Dangerous" characters such as quotes need to be properly escaped or stripped, or else it is possible to include a quote to end the string an input field is being inserted into, and follow it with other commands which might do dangerous things with the database. Poorly-done attempts to avoid such attacks may also cause harm; for instance, if a programmer tries to strip out any substrings that might be SQL commands, they might end up rejecting perfectly valid names, street addresses, and so on which happen to have a string like "table" in them.
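The three points in the paragraph above (a quote in the input ending the string literal, parameterized queries as the fix, and naive keyword stripping rejecting legitimate addresses) can be seen side by side in the following added example. It is not code from the wiki article; it uses Python's standard sqlite3 module, and the customer table, names and street addresses are constructed sample data.

```python
import sqlite3


def make_db():
    """Build a small in-memory customer table (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customer (id INTEGER PRIMARY KEY, name TEXT, street TEXT)"
    )
    conn.executemany(
        "INSERT INTO customer (name, street) VALUES (?, ?)",
        [
            ("Alice Smith", "1 Main Street"),
            ("Conor O'Brien", "5 Round Table Road"),
            ("Bob Jones", "9 Hill Lane"),
        ],
    )
    return conn


def lookup_concat(conn, name):
    """Vulnerable pattern: user input is spliced into the SQL text.

    A quote inside the input closes the string literal early, so whatever
    follows is parsed as SQL rather than as data. For a perfectly ordinary
    name like O'Brien that shows up as a syntax error from the database.
    """
    sql = "SELECT name, street FROM customer WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def concat_breaks(conn, name):
    """True if the concatenated query fails to parse for this input."""
    try:
        lookup_concat(conn, name)
        return False
    except sqlite3.OperationalError:
        return True


def lookup_param(conn, name):
    """Safe pattern: a parameterized query.

    The driver passes the value separately from the SQL text, so quotes in
    the input are always data and never become syntax.
    """
    return conn.execute(
        "SELECT name, street FROM customer WHERE name = ?", (name,)
    ).fetchall()


# Keyword list for the naive filter; "table" is included deliberately to
# reproduce the false positive the article describes.
BLOCKLIST = ("select", "insert", "update", "delete", "drop", "table", "union")


def naive_keyword_filter(value):
    """The 'strip anything that looks like SQL' approach the article warns about.

    Returns True if the input would be rejected. Because it matches keywords as
    substrings, a valid street address such as "Round Table Road" is refused.
    """
    lowered = value.lower()
    return any(word in lowered for word in BLOCKLIST)


if __name__ == "__main__":
    db = make_db()
    print("parameterized:", lookup_param(db, "Conor O'Brien"))
    print("concatenated query breaks on O'Brien:", concat_breaks(db, "Conor O'Brien"))
    print("naive filter rejects 'Round Table Road':",
          naive_keyword_filter("5 Round Table Road"))
```

The parameterized lookup returns the O'Brien row correctly, the concatenated one raises an error on the same input, and the keyword filter rejects a valid address while the parameterized query needed no filtering at all.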
This article (http://performinsider.com/2014/07/ed-magedson-founder-of-ripoffreport-com-facing-criminal-charges/) claims that legal troubles could result from use of "potentially illegal SQL technology", but it's unclear what that entails.