SQL Injection and Blind SQL Injection

SQL Injection
Sql injecttion is an action of hacking is done in the client application by modifying the SQL command that is in memory clien application and also a technique to exploit a web application that uses database for storing therein data.
Cause of sql Injection
Absence of teh handling of character pick one (‘) and double minus (--) which causes the application can be compromised with sql sintax.so the attacker insert sql sintax into parameter or form.
Danger of SQL Injection

• This technique allows someone enter to system without having to have account.
• Enable someone edit,delete, and insert data to database.
• SQl injection can do only with browser.

For example Sintax SQL Injection: 

#SQL = “select * from login where username =’#username’ and password = ‘#password’”; , {dari GET atau POST variable }.
Insert password with string ’ or ’’ = ’.The result SQL will as = “select * from login where username = ’$username’ and password=’pass’ or ‘=′”; , { with this SQL result selection alway will TRUE.\

Blind SQL Injection is used when a web application is vulnerable to an sql injection but the results of the injection are not visible to the attacker