Secure password storing • • 3/13


As long as developers of a website do not explicitely pay attention, input formulars are often vulnerable to SQL-injection. How easily this can be done, shall be demonstrated with a small example.

Fishes per water type:

Table: fishes
name water
Trout fresh
Shark salt
Carp fresh
Blowfish salt
Table: users
name password
Nemo nautilus
Blackbird treasure
Moby Dick orca
Piccard submarine2012
SELECT name, water FROM fishes WHERE water = '?'