Hacking Websites with SQL Injection – Computerphile

How did you isolate his voice from the surrounding noise?

I'm pretty sure its actauly not pronounced see kwuel or s-q-l bit pronounced es kwuel. I read it in a book on sql database forming.

Prepared Statement guys.

Me and my friend always joked about naming a kid "DropTable" in our IS SQL intro course.
But I guess now I realized it should be something along the lines of: Frank";Droptable

Most of your videos explaining different attacks:
And that was all fine…until the web came about

It's SQL not sequel!

Best language is python

i am dot net developer , but i know lettle php i think php developers uses PDO which they can avoid the injection i use entity framework that's helps me to avoid injection

I know it's not the point of this video, but it's really nicely lit!

So the only useful part is from about 8:00 onwards where he talks about prepared statements

0:55 lol wut? I thought he invented html

Install gentoo

What's prepared statements?

just try to be a good programmer to be a good hacker

All hackers are here

What tools do you recommend to test your own website for vulnerabilities?

That's… ridiculous. How was (is?) a such thing even possible?, it's beyond dumb.
🙂
Found this video looking for info on how hacking works. It's beyond my understanding why operating system, gadgets, networks can't be hacker safe.

I wonder how many people tried this on wordpress

Does writing on fax paper and waving the pen make him more official? He's pretty enthusiastic about this topic.

I've always called it a "Squall" injection.

I need to delete my MySpace account.. will this work 😂

The lighting in this video is really good.

He sounds like Mark Zuckerberg

I cba with that I just make sure the accounts permissions are limited to reading

Stay in School kids
Don't do SQL injections
drugs r bad

Why is this filmed in the middle of the hotel ??

But what if you validate ALL user input with regex? The program will only send the query to my database if the input matches my regex. Is this a good protection)

i HATE php .

😀

I don't know what he is talking about but it make me feel like a spy

Amazing video!

I have more than 5 years experience in SQLI , i had so much fun while injecting the url , But programming language is gotten realy strong these days SQLI became a bit harder when mysqli was out .

That's why there's something called backing up databases. daily/weekly etc. 😛

Syringe points so menacingly towards Tom.

Don't try this at Home 🙂

How to avoiid SQL Injections: dont use strings as querys, use preparated statemens, if you use php use PDO, is that simple.

ive always called it skwill
less syllables than s q l or sequel

however i do not call php "pip" or a short fart sound although i may start

Decode happiness sql injection.

Welcome to the future, we use JavaScript here.

Who is he actually talking to

SQL = Squeal

C# is friendlier than PHP because you don't have to deal with WTF's all the time

how is SQL Injection not protected against by every website in existence?

Thousandth comment 😮

Another British advertisement about Tim B Lee "inventing" the Web???????
No way….. he ever understood the concept of the Web!!!! The Web was developed not invented by at least 100 great Americans, modest and quiet great people …..

thanks tom, awesome explanation

funnily enough, I got a SQL course ad for this video.

just checking cause of google attack

Tom with no red shirt? What is this???

I love your channel name and the videos are great! It really satisfies my love of technology, but makes me wanna learn more!