{"id":18493300,"url":"https://github.com/aswinbarath/sql-injection-and-prevention","last_synced_at":"2025-04-08T22:30:43.213Z","repository":{"id":38214142,"uuid":"321982320","full_name":"AswinBarath/sql-injection-and-prevention","owner":"AswinBarath","description":"Demonstrates SQL injection attacks using malicious SQL queries and SQL prevention techniques.","archived":false,"fork":false,"pushed_at":"2023-09-03T07:35:27.000Z","size":26884,"stargazers_count":22,"open_issues_count":1,"forks_count":20,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-23T18:52:03.071Z","etag":null,"topics":["bootstrap4","css3","html5","javascript","mariadb-database","php"],"latest_commit_sha":null,"homepage":"https://sql-injection-and-prevention.herokuapp.com/","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/AswinBarath.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-12-16T12:55:32.000Z","updated_at":"2025-03-23T14:36:03.000Z","dependencies_parsed_at":"2022-08-29T10:31:23.590Z","dependency_job_id":null,"html_url":"https://github.com/AswinBarath/sql-injection-and-prevention","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AswinBarath%2Fsql-injection-and-prevention","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AswinBarath%2Fsql-injection-and-prevention/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AswinBarath%2Fsql-injection-and-prevention/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repos
itories/AswinBarath%2Fsql-injection-and-prevention/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/AswinBarath","download_url":"https://codeload.github.com/AswinBarath/sql-injection-and-prevention/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247939789,"owners_count":21021846,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bootstrap4","css3","html5","javascript","mariadb-database","php"],"created_at":"2024-11-06T13:13:37.876Z","updated_at":"2025-04-08T22:30:38.204Z","avatar_url":"https://github.com/AswinBarath.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SQL Injection and Prevention\n\n\u003cp align=\"center\"\u003e\n\u003ca href=\"https://sql-injection-and-prevention.herokuapp.com/\"\u003e\n\u003cimg src=\"./public/assets/SQL Injection.png\" width=\"60%\" alt=\"sql-injection-and-prevention\" /\u003e\n\u003c/a\u003e\n\u003c/p\u003e\n\nDemonstrates SQL injection attacks using malicious SQL queries and SQL prevention techniques.\n\n[Deployed project link](https://sql-injection-and-prevention.herokuapp.com/)\n\n---\n\n## Table of content\n\n- [Demo](#Demo)\n  - [SQL Injection Demo](#SQL-Injection-Demo)\n  - [Navbar Demo](#Navbar-Demo)\n- [What's unique in this Project](#whats-unique-in-this-project)\n- [What's SQL Injection](#whats-sql-injection)\n- [Technologies](#Technologies)\n- [Installation](#Installation)\n- [Contributors](#Contributors)\n\n---\n\n## Demo\n\n### SQL Injection Demo\n\n- In this demo, the Database Schema is displayed 
first\n- Later, 4 sets of Login credentials are tested:\n\t1. Correct credentials present in the user database\n\t2. Wrong credentials to show the failure message\n\t3. First SQL Injection example is demonstrated\n\t4. Later the Second SQL Injection example is demonstrated\n\n\n\u003cp\u003e\n\u003cimg src=\"./public/assets/SQL Injection Login.gif\" alt=\"SQL Injection\" /\u003e\n\u003c/p\u003e\n\n### Navbar Demo\n\n- In this demo, the Navigation bar is demonstrated\n\u003cp\u003e\n\u003cimg src=\"./public/assets/SQL Injection Navbar.gif\" alt=\"SQL Injection\" /\u003e\n\u003c/p\u003e\n\n---\n\n## What's unique in this Project\n\n- The project is deployed as Microservices of Front-end, Server, and Database using Heroku Cloud Platform\n- Demonstrates SQL Injection in an elegant way using **LAMP** stack\n- Follows best practices and code readability\n\n---\n\n## What's SQL Injection\n\n- SQL injection is an attack used to take over database servers by dynamically poisoning SQL queries.\n\t- SQL injection is a cybersecurity vulnerability where attackers input malicious SQL (Structured Query Language) code into a web application's input fields.\n\t- If the application doesn't properly validate or sanitize the input, it can execute unintended database commands.\n\t- This can lead to unauthorized access, data theft, or manipulation of the database.\n- To prevent SQL injection, developers should use parameterized queries or prepared statements and validate user inputs.\n\t- Security measures like input validation and output encoding are crucial to mitigate this risk.\n- In this attack, a special SQL query is passed as user input to the login page.\n\t- Later, the backend code compiles the input along with the SQL query.\n\t- The code then gets hijacked because these queries will change the meaning of the backend code.\n- The SQL injection queries used for this demonstration project are: `' or 1=1--`\n\t- This query will change all the SQL statements to always be true 
because of the `or` keyword.\n\t- And the rest of the SQL statement after `--` will be commented out.\n- `admin' or '1'='1`\n\t- This query will change all the SQL statements and will also always be true. Because of the `or` keyword, the two expressions produce true values.\n\n---\n\n## Technologies\n\n### Front End\n\n- [HTML5](https://html.com/)\n- [CSS3](https://www.w3.org/Style/CSS/Overview.en.html)\n- [Bootstrap4](https://getbootstrap.com/)\n- [JavaScript](https://www.javascript.com/)\n\n### Back End\n\n- [XAMPP](https://www.apachefriends.org/download.html)\n    - [Apache HTTP Server](https://httpd.apache.org/)\n    - [MariaDB database](https://mariadb.com/)\n    - [PHP](https://www.php.net/)\n\n---\n\n## Installation\nTo get the project working, you need to install the following dependencies.\n1. [XAMPP Control Panel](https://www.apachefriends.org/download.html)\n2. [Heroku CLI](https://devcenter.heroku.com/articles/heroku-cli)\n\n---\n\n## Contributors\n\n- T Aswin Barath \u003chttps://github.com/AswinBarath\u003e\n\n---\n\n**[⬆ Back to Top](#Table-of-content)**\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faswinbarath%2Fsql-injection-and-prevention","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faswinbarath%2Fsql-injection-and-prevention","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faswinbarath%2Fsql-injection-and-prevention/lists"}