---
type: video
yt_id: VVU2YVRMdUlfajQtMHdpRFN6bWFQY3RRLkhoNkNickRyMExr
videoId: Hh6CbrDr0Lk
title: "SQL Injection"
date: "2020-01-16T19:33:10Z"
slug: "sql-injection-sql-is-demon-spawn"
image: 
  name: "sql-injection.jpg"
  alt: "SQL Injection"
  width: 1280
  height: 720
status: 'published'
description: "In this video, we will take a look at how to perform some SQL injection attacks on a site, and we'll learn how to protect our sites from attacks."
tags: ['database', 'relational database', 'sql', 'mysql', 'postgres']
---

In this video, we will take a look at how to perform some SQL injection attacks on a site, and we'll learn how to protect our sites from attacks.

> SQL is demon spawn, and no self-respecting software developer should ever use it.
> 
> [https://blog.cleancoder.com/uncle-bob/2017/12/03/BobbyTables.html](https://blog.cleancoder.com/uncle-bob/2017/12/03/BobbyTables.html)

SQL databases have been around since the 70s and most websites these days use a SQL database to store data. However, SQL Injection attacks have been one of the most most common hacking techniques for the past 20 years.

In this video, we will take a look at how to perform some SQL injection attacks on a site, and we'll learn how to protect our sites from attacks.

The site I made serves up data about the Oscars. just enter the name of an actor, and you get details about them. I have two versions of this site, one in javascript using node, and one in PHP. We hack both versions.

Code: [https://github.com/meech-ward/sql\_injection](https://github.com/meech-ward/sql_injection)

Injections:

[https://raw.githubusercontent.com/meech-ward/sql\_injection/master/sql/injection.md](https://raw.githubusercontent.com/meech-ward/sql_injection/master/sql/injection.md)

Also, check out one of my favorite videos on the subject from computerphile: [https://www.youtube.com/watch?v=ciNHn38EyRc](https://www.youtube.com/watch?v=ciNHn38EyRc)