What is an injector (HTML, SQL, etc.)?

SQL Injection is probably what you're asking about, is it not? SQL Injection is where your SQL query statement and your webpage programming are not that secure, and can be modified by using a text form box to cause destruction.

Example:

Your script will update a member account's information, like a name they entered for instance.

UPDATE users SET name='$_POST[name]' WHERE username='$_COOKIE[username]';

This will probably happen if you're not using $_POST[] or $_GET[].

Here's what they might type in - in a form box to submit to the query above:

Mike'; DROP TABLE users

So, this will be the query that they submitted, and will delete the "users" database table:

UPDATE users SET name='Mike'; DROP TABLE users WHERE username='$_COOKIE[username]';

See? They can break the query into two with what they submitted into the text box.
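The same UPDATE written with a PDO prepared statement, as an added example that is not part of the original post. The in-memory SQLite database, the table rows and the sample input are constructed for illustration, and `updateName` is a hypothetical helper name.

```php
<?php
// Added example. sqlite::memory: stands in for the site's real database (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (username TEXT PRIMARY KEY, name TEXT)");
$pdo->exec("INSERT INTO users VALUES ('mike01', 'Mike'), ('sara02', 'Sara')");

// Constructed stand-ins for $_POST['name'] and $_COOKIE['username'].
// Both arrive from the client, so both are untrusted.
$postName   = "Mike'; DROP TABLE users";
$cookieUser = 'mike01';

// String-built form from the post: the quote in the input ends the
// string literal early, so the rest of the input is parsed as SQL.
// It is only printed here, never executed.
$unsafeSql = "UPDATE users SET name='$postName' WHERE username='$cookieUser';";
echo "String-built query:\n  $unsafeSql\n\n";

// Hardened form: the SQL text is fixed, and the values are bound to
// placeholders, so they can only ever be treated as data.
function updateName(PDO $pdo, string $name, string $username): int
{
    $stmt = $pdo->prepare(
        'UPDATE users SET name = :name WHERE username = :username'
    );
    $stmt->execute([':name' => $name, ':username' => $username]);
    return $stmt->rowCount(); // number of rows changed
}

$changed = updateName($pdo, $postName, $cookieUser);
echo "Rows changed by prepared statement: $changed\n";

// The table still exists, only one row changed, and the submitted
// text was stored literally, quote and all.
foreach ($pdo->query('SELECT username, name FROM users ORDER BY username') as $row) {
    printf("  %s => %s\n", $row['username'], $row['name']);
}
```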
 