Websites can still be hacked using SQL injection – Tom explains how sites written in PHP (and other languages too) can be vulnerable and have basic security issues.
This video was filmed and edited by Sean Riley.
Computerphile is a sister project to Brady Haran’s Numberphile.
How did you isolate his voice from the surrounding noise?
I'm pretty sure it's actually not pronounced see kwuel or s-q-l but pronounced es kwuel. I read it in a book on SQL database forming.
Prepared Statement guys.
Me and my friend always joked about naming a kid "DropTable" in our IS SQL intro course.
But I guess now I realized it should be something along the lines of: Frank";Droptable
Most of your videos explaining different attacks:
And that was all fine…until the web came about
It's SQL not sequel!
Best language is python
I am a .NET developer, but I know a little PHP. I think PHP developers use PDO, with which they can avoid the injection. I use Entity Framework, which helps me to avoid injection.
I know it's not the point of this video, but it's really nicely lit!
So the only useful part is from about 8:00 onwards where he talks about prepared statements
0:55 lol wut? I thought he invented html
Install gentoo
What are prepared statements?
just try to be a good programmer to be a good hacker
All hackers are here
What tools do you recommend to test your own website for vulnerabilities?
That's… ridiculous. How was (is?) such a thing even possible? It's beyond dumb.
🙂
Found this video looking for info on how hacking works. It's beyond my understanding why operating systems, gadgets, networks can't be hacker safe.
I wonder how many people tried this on wordpress
Does writing on fax paper and waving the pen make him more official? He's pretty enthusiastic about this topic.
I've always called it a "Squall" injection.
I need to delete my MySpace account.. will this work 😂
The lighting in this video is really good.
He sounds like Mark Zuckerberg
I cba with that, I just make sure the account's permissions are limited to reading
Stay in School kids
Don't do SQL injections
drugs r bad
Why is this filmed in the middle of the hotel ??
But what if you validate ALL user input with regex? The program will only send the query to my database if the input matches my regex. Is this a good protection?
I HATE PHP.
😀
I don't know what he is talking about but it makes me feel like a spy
Amazing video!
I have more than 5 years' experience in SQLi. I had so much fun while injecting the URL, but programming languages have gotten really strong these days. SQLi became a bit harder when mysqli was out.
That's why there's something called backing up databases. daily/weekly etc. 😛
Syringe points so menacingly towards Tom.
Don't try this at Home 🙂
How to avoid SQL injections: don't use strings as queries, use prepared statements; if you use PHP, use PDO. It's that simple.
I've always called it skwill
less syllables than s q l or sequel
however I do not call PHP "pip" or a short fart sound although I may start
Decode happiness sql injection.
Welcome to the future, we use JavaScript here.
Who is he actually talking to
SQL = Squeal
C# is friendlier than PHP because you don't have to deal with WTF's all the time
how is SQL Injection not protected against by every website in existence?
Thousandth comment 😮
Another British advertisement about Tim B Lee "inventing" the Web???????
No way….. he ever understood the concept of the Web!!!! The Web was developed not invented by at least 100 great Americans, modest and quiet great people …..
thanks tom, awesome explanation
funnily enough, I got a SQL course ad for this video.
just checking cause of google attack
Tom with no red shirt? What is this???
I love your channel name and the videos are great! It really satisfies my love of technology, but makes me wanna learn more!