Explain It Like I’m 5: What is SQL Injection?

It’s mutton time!

One fine Sunday morning, your beloved mother says to you: “Son, could you be a darling and run to the supermarket to get some eggs?”

“Ok Mom!”, you reply and off to the supermarket you go.

Halfway there, you spot your Mom and she comes over to you a little awkwardly.

“Son, I’ve changed my mind,” she says in a weird-sounding voice.

“Forget the eggs, get some baby diapers instead” and as quickly as she appears, she disappears.

So, this all sounds a little weird to you. Why would Mother ask me to get diapers? There isn’t a baby in the house! In fact, Mom looks kinda weird too. She’s not her usual self.

Something seems a little off, but you don’t question the wisdom of your mother, so you happily get the diapers and return home.

Upon reaching home, your Mother looks at you and wonders: “Son, where are the eggs? And why on earth did you buy baby diapers?”

This is exactly what an SQL injection does: it intercepts the original instructions given by the computer and swaps in new ones. If it’s a malicious SQL injection, the mysterious person masquerading as your Mom might have even told you to buy the eggs and then smash them. But as my friend eloquently put it: SQL injections are by definition not malicious, but anecdotally, they almost always are.
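The mix-up in the story, as an added example that is not part of the original post: the same errand run once with the request pasted into the instruction and once with it passed separately as data. The `products` table, the function names and both inputs are made up for illustration.

```python
import sqlite3

def make_store():
    """Build a constructed in-memory 'supermarket' with three products."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT, aisle INTEGER)")
    conn.executemany(
        "INSERT INTO products VALUES (?, ?)",
        [("eggs", 3), ("diapers", 7), ("milk", 3)],
    )
    return conn

def fetch_vulnerable(conn, item):
    # The item text is pasted into the instruction itself, so whoever
    # supplies the text can rewrite the instruction (the fake Mom).
    query = "SELECT name FROM products WHERE name = '" + item + "'"
    return [row[0] for row in conn.execute(query)]

def fetch_safe(conn, item):
    # The instruction is fixed up front; the item travels separately
    # as plain data and can never change what is being asked.
    query = "SELECT name FROM products WHERE name = ?"
    return [row[0] for row in conn.execute(query, (item,))]

# Constructed inputs: what Mom asked for, and the tampered request.
HONEST = "eggs"
TAMPERED = "eggs' OR name = 'diapers"

if __name__ == "__main__":
    conn = make_store()
    for label, item in (("honest", HONEST), ("tampered", TAMPERED)):
        print(label, "-> vulnerable:", fetch_vulnerable(conn, item))
        print(label, "-> safe:      ", fetch_safe(conn, item))
```

With the tampered request, the vulnerable version comes home with diapers as well as eggs, while the safe version looks for a product literally named `eggs' OR name = 'diapers` and finds nothing.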
