Archive - Originally posted on "The Horse's Mouth" - 2006-11-27 06:01:24 - Graham Ellis
An SQL injection attack is where a user of your form enters a piece of SQL code into it, and wraps it in special characters in such a way that the data entered doesn't get used for the purpose you had intended - it gets used to corrupt or destroy your database.
For example, if your form returns to $_REQUEST[message] and you write INSERT into msgtab (message) values ("$_REQUEST[message]")
in your code, then without the appropriate precautions I could enter Got you"); delete his database;
or words to that effect ... and that would be a nasty injection attack.
Note that most copies of PHP are configured with magic quotes on to insure against this kind of hole being left by newcomers to coding, and that my example - quite intentionally - doesn't exactly attack; rather, it shows the principle
As well as SQL injection attacks, Javascript can be injected too ... and even tags like <h1> can sometimes be injected to make the whole of the rest of a response page be shouted back at subsequent visitors to (say) a poorly written forum or chatroom.