{% extends 'core/Injections/injections.html' %} {% load static %}
Injections, more widely known as SQL Injections (SQLI), are common attacks aiming to exploit weaknesses in your websites through SQL code aimed at backend databases. Exploiting this type of vulnerability generally allows attackers to view and retrieve data they are not supposed to. This may include user data such as usernames, passwords, or other personal data, company data, and essential documents, among many others. In some situations, these attacks can escalate to permanent data loss or compromise to the underlying server. Some vulnerabilities that can lead to this attack are missing or insufficient data validation and sanitation, missing parametrization, faulty separation of queries, etc. As mentioned above, we can prevent these attacks by implementing validation, where each input our website receives is first checked and sanitized. Then we add parametrization where input is supplied into pre-prepared variables instead of the query. And at the end, we can prepare specific queries for each task. This tutorial will show you how to handle parametrization and data validation.