{"id":505,"date":"2022-08-06T22:53:54","date_gmt":"2022-08-06T22:53:54","guid":{"rendered":"https:\/\/securitybriefing.net\/?p=505"},"modified":"2022-08-06T22:53:54","modified_gmt":"2022-08-06T22:53:54","slug":"%d8%ad%d9%82%d9%86-sql-101-%d9%85%d8%a7-%d9%87%d9%88-sqli-%d9%88%d9%83%d9%8a%d9%81%d9%8a%d8%a9-%d9%85%d9%86%d8%b9-%d8%a7%d9%84%d9%87%d8%ac%d9%85%d8%a7%d8%aa","status":"publish","type":"post","link":"https:\/\/securitybriefing.net\/ar\/%d8%ad%d9%85%d8%a7%d9%8a%d8%a9\/%d8%ad%d9%82%d9%86-sql-101-%d9%85%d8%a7-%d9%87%d9%88-sqli-%d9%88%d9%83%d9%8a%d9%81%d9%8a%d8%a9-%d9%85%d9%86%d8%b9-%d8%a7%d9%84%d9%87%d8%ac%d9%85%d8%a7%d8%aa\/","title":{"rendered":"SQL Injection 101: What is SQLi and how to prevent attacks"},"content":{"rendered":"<h2 class=\"wp-block-heading\" id=\"what-is-sql-injection\"><strong>What is SQL injection<\/strong><\/h2>\n\n\n<p>SQL injection (SQLi) is a type of attack that lets criminals execute malicious SQL statements against vulnerable web applications. 
Attackers can reach sensitive data such as customer information, personal data, trade secrets, and more by bypassing the application's security measures. Here we discuss SQL injection, how it works, and how you can prevent attacks.<\/p>\n\n\n\n<p>SQL injection attacks can occur on any website that uses a SQL database. This type of attack allows attackers to access your underlying data. 
They can see consumer information, personal data, trade secrets, and intellectual property. According to OWASP, this is one of the most dangerous types of attacks on web applications.<\/p>\n\n\n<h2 class=\"wp-block-heading\" id=\"types-of-sql-injection\"><strong>Types of SQL injection<\/strong><\/h2>\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"542\" class=\"wp-image-515\" src=\"http:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/types-of-SQL-Injectin-2.png\" alt=\"Types of SQL injection\" srcset=\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/types-of-SQL-Injectin-2.png 1024w, https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/types-of-SQL-Injectin-2-300x159.png 300w, https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/types-of-SQL-Injectin-2-768x407.png 768w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n<h3 class=\"wp-block-heading\" id=\"inband-sqli\"><strong>In-band SQL injection<\/strong><\/h3>\n\n\n<p>In-band SQL injection is an attack in which the attacker uses the same channel to send queries and receive results. In-band means that the response is obtained over the same communications medium. 
The attacker's goal is to get the response back immediately, ideally in the web browser when the attack is carried out manually.<\/p>\n\n\n\n<p><strong>Example of in-band SQL injection<\/strong><\/p>\n\n\n\n<p>The most common way for an attacker to perform an in-band SQL injection is to alter the request so that they can see the personal information of the current user. This is done by changing a value sent as part of the request. For example, if the statement was supposed to display the user's name, the attacker could change it so that their name is displayed instead.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted has-vivid-green-cyan-color has-black-background-color has-text-color has-background\">SELECT * FROM users WHERE user_id LIKE 'current_user'<\/pre>\n\n\n\n<p>Error-based SQL injection and union-based SQL injection are the two most common forms of in-band SQL injection.<\/p>\n\n\n<h4 class=\"wp-block-heading\" id=\"errorbased-sqli\"><strong>Error-based SQL injection<\/strong><\/h4>\n\n\n<p>Error-based SQLi is an in-band technique that takes advantage of database server error messages to discover the structure of the database. 
Error-based SQL injection is the most common type of in-band SQL injection.<\/p>\n\n\n\n<p><strong>Example of error-based SQL injection:<\/strong><\/p>\n\n\n\n<p>If an attacker tries to log in with the following credentials:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted has-vivid-green-cyan-color has-black-background-color has-text-color has-background\">username: ' OR 'a'='a\npassword: anything<\/pre>\n\n\n\n<p>The database will return an error because the resulting statement is syntactically incorrect. 
The error message reveals information about the database, which the attacker can use to their advantage.<\/p>\n\n\n<h4 class=\"wp-block-heading\" id=\"unionbased-sqli\"><strong>Union-based SQL injection:<\/strong><\/h4>\n\n\n<p>Union-based SQL injection is an in-band technique for obtaining information from a website by using the UNION operator to combine the output of two or more SELECT statements.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"blind-sql-injection\"><strong>Blind SQL injection<\/strong><\/h3>\n\n\n<p>Blind SQL injection is an attack in which the attacker tries to get answers from the database by asking questions that produce a true-or-false response. 
The attacker uses error messages to learn whether the application responds differently when a specific token is used.<\/p>\n\n\n\n<p>When an attacker uses SQL injection, the web application may display critical database warnings indicating that the SQL query syntax is incorrect. Blind SQL injection works the same way as traditional SQL injection, except for how the data is obtained from the database. 
If the database does not return enough information for the attacker to exploit directly, the attacker must ask a series of questions to obtain the data.<\/p>\n\n\n\n<p>Blind SQL injection is divided into Boolean-based blind SQL injection and time-based blind SQL injection.<\/p>\n\n\n<h4 class=\"wp-block-heading\" id=\"booleanbased-blind-sqli\"><strong>Boolean-based blind SQL injection<\/strong><\/h4>\n\n\n<p>Boolean-based blind SQL injection is an attack in which the attacker tries to get answers from the database 
by asking questions that produce a true-or-false response. The attacker uses error messages to learn whether the application responds differently when a specific token is used.<\/p>\n\n\n\n<p>Example of Boolean-based blind SQL injection:<\/p>\n\n\n\n<p>If an attacker wants to learn the database type, they would use the following statement:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted has-vivid-green-cyan-color has-black-background-color has-text-color has-background\">SELECT * FROM users WHERE user_id LIKE 'current_user' AND database() LIKE '%type%'<\/pre>\n\n\n\n<p>If the database is MySQL, 
the output will be something like this:<\/p>\n\n\n\n<p>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near \u2018and database() like \u2018%type%\u201d at line<\/p>\n\n\n<h4 class=\"wp-block-heading\" id=\"timebased-blind-sql-injection\"><strong>Time-based blind SQL injection<\/strong><\/h4>\n\n\n<p>A time-based blind SQL injection attack is one in which a SQL command is sent to the server with code that causes the query to execute more slowly.<\/p>\n\n\n\n<p>Time-based blind attacks allow attackers to infer data from response time. Such an attack is known as a blind or inferential injection. No data is returned directly from the database to the attacker; because there is no visible response, it is also called a blind injection attack.<\/p>\n\n\n\n<p>The response time indicates whether the answer is true or false. 
If the response is negative, the intruder makes another request. This attack technique is slow because the attacker must step through every character individually, especially when attacking large databases.<\/p>\n\n\n\n<p><strong>Example of blind SQL injection<\/strong><\/p>\n\n\n\n<p>In this example, the attacker tries to determine whether the user with ID 999 exists in the database. 
To do so, they use the following statement:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted has-vivid-green-cyan-color has-black-background-color has-text-color has-background\">IF(SUBSTRING((SELECT password FROM users WHERE user_id=999),0, LENGTH('secret'))='secret', SLEEP(30), 'false')<\/pre>\n\n\n\n<p>If the user with ID 999 exists in the database and their password is secret, the application will sleep for 30 seconds. 
The application will return false if the user does not exist in the database.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"outofband-sqli\"><strong>Out-of-band SQL injection<\/strong><\/h3>\n\n\n<p>Someone who wants to steal data may send SQL code to the database server in a way that is not part of the usual communication between the server and other computers. This can be done by having the server send information out over DNS or HTTP requests.<\/p>\n\n\n\n<p>The application's response is not affected by whether any data is returned, whether there is a problem with the database, or how long the query takes to execute. Out-of-band techniques use network interactions to trigger events at will. Depending on an injected condition, these may be triggered conditionally to gain knowledge one bit at a time.<\/p>\n\n\n\n<p>Data can also leak via several networking protocols from such network interactions. 
The visual represents the request sent from the web application to the app's database.<\/p>\n\n\n\n<p><strong>Example of out-of-band SQL injection<\/strong><\/p>\n\n\n\n<p>In this example, the attacker tries to determine whether a specific user exists in the database. To do so, they use the following statement:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted has-vivid-green-cyan-color has-black-background-color has-text-color has-background\">SELECT user_id FROM users WHERE username='$username' AND password='$password' LIMIT 0,0 UNION SELECT NULL,'' INTO OUTFILE '\/var\/opt\/databases\/$filename.php'; --<\/pre>\n\n\n\n<p>The application will return the user ID if the user exists in the database. 
If the user does not exist in the database, the application will create a file containing PHP code that can be used to execute system commands. The attacker can then use this file to run commands on the server.<\/p>\n\n\n<h2 class=\"wp-block-heading\" id=\"how-to-prevent-an-sql-injection\"><strong>How to prevent SQL injection<\/strong><\/h2>\n\n\n<p>The best way to protect against SQL injection attacks is to use input validation, prepared statements, and parameterized queries. Code should never use user input directly in a query. Developers must sanitize all input, not just web form inputs such as login forms. Single quotes should be eliminated from any questionable code components. It is also a good idea to hide database errors on live sites so that they are not inadvertently revealed: SQL injection can expose details about the database system that attackers can use to their advantage.<\/p>\n\n\n\n<p>If you find a problem with your website, you should take it offline immediately and contact your hosting provider. They can help you determine whether your site has been compromised and what steps you need to take to fix the problem. 
In the meantime, ensure that all of your website's users know about the problem and change their passwords as soon as possible.<\/p>\n\n\n<h2 class=\"wp-block-heading\" id=\"prevention-tips-for-avoiding-sql-injections\"><strong>Prevention tips for avoiding SQL injection<\/strong><\/h2>\n\n\n<p>There are several ways to avoid SQL injection vulnerabilities in your programming language and database setup. These techniques can be used with most databases, such as XML. 
You can use them to make your databases more secure.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"1-use-of-properly-constructed-stored-procedures\">1) Use of properly constructed stored procedures<\/h3>\n\n\n<p>Beginners should start by learning how to create statements with variables. This is easier than building dynamic queries, and it is easier to understand. Parameterized queries are those in which the developer defines all of the SQL code first and then supplies each parameter later. 
This approach lets the database distinguish between code and data.<\/p>\n\n\n\n<p>Prepared statements help ensure that a query's intent cannot be changed, even if someone tries to supply SQL instructions as input.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"2-allowlist-input-validation\">2) Allowlist input validation<\/h3>\n\n\n<p>SQL queries use bind variables in specific places for data. For example, if you are using Python, you would use the driver's placeholder (<strong>?<\/strong> or <strong>%s<\/strong>, depending on the DB-API paramstyle) for each bind variable. 
\u064a\u0645\u0643\u0646\u0643 \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u062a\u0639\u0628\u064a\u0631 \u0639\u0627\u062f\u064a \u0644\u0644\u062a\u062d\u0642\u0642 \u0645\u0646 \u0635\u062d\u0629 \u0625\u062f\u062e\u0627\u0644 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645 \u0645\u0642\u0627\u0628\u0644 \u0642\u0627\u0626\u0645\u0629 \u0627\u0644\u0633\u0645\u0627\u062d \u0644\u0645\u0627 \u0647\u064a \u0627\u0644\u0623\u062d\u0631\u0641 \u0627\u0644\u0645\u0633\u0645\u0648\u062d \u0628\u0647\u0627 \u0641\u064a \u0643\u0644 \u0645\u062a\u063a\u064a\u0631 \u0631\u0628\u0637.<\/p>\n\n\n\n<p>If you\u2019re using JavaScript, you can use <strong>\\\u0648<\/strong> \u0644\u0645\u0637\u0627\u0628\u0642\u0629 \u0627\u0644\u0623\u062d\u0631\u0641 \u0627\u0644\u0623\u0628\u062c\u062f\u064a\u0629 \u0627\u0644\u0631\u0642\u0645\u064a\u0629 \u0648\u0627\u0644\u0634\u0631\u0637\u0629 \u0627\u0644\u0633\u0641\u0644\u064a\u0629.<\/p>\n\n\n\n<p>\u064a\u062c\u0628 \u0623\u0646 \u062a\u0643\u0648\u0646 \u0642\u0627\u0626\u0645\u0629 \u0627\u0644\u0633\u0645\u0627\u062d \u0645\u062d\u062f\u062f\u0629 \u0642\u062f\u0631 \u0627\u0644\u0625\u0645\u0643\u0627\u0646 \u0644\u062a\u062c\u0646\u0628 \u0627\u0644\u0625\u064a\u062c\u0627\u0628\u064a\u0627\u062a \u0627\u0644\u0643\u0627\u0630\u0628\u0629.<\/p>\n\n\n\n<p>For example, if you\u2019re looking for a US phone number, you would use the following regular expression:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted has-vivid-green-cyan-color has-black-background-color has-text-color has-background\">\/^\\d{11}1\u062a\u064a \u0628\u064a4\u062a\u064a\/<\/pre>\n\n\n\n<p>This would match a string of 11 digits that could be a phone number. If someone tried to submit something like \u2018<strong>\u0623\u0628\u062c\u062f\u064a\u0641<\/strong>\u2018, it would not match, and the input would be invalid.<\/p>\n\n\n\n<p>This will help make sure your data is safe and sound. 
If you need to use values from code instead of user parameters, that\u2019s okay too!<\/p>\n\n\n\n<p>However, suppose the user parameter values are meant to select specific table or column names. In that case, map each parameter value to the corresponding table or column name so that unvalidated user input never reaches the query.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"3-use-whitelists\">3) Use allow lists<\/h3>\n\n\n<p>Do not filter user input based on block lists of bad characters. 
Using allow lists of the good characters expected in specific fields is more effective. That stops SQL injection attacks before they start.<\/p>\n\n\n\n<p>For example, allow only digits and dashes in the input field if you expect a phone number. If you expect an email address, allow only the characters that are valid in an email address.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"4-use-the-most-uptodate-platforms\">4) Use the most up-to-date platforms<\/h3>\n\n\n<p>PHP on older web development platforms has no built-in protection against SQLi. 
Use the latest available version of the programming environment, the language, and the associated technologies. Instead of plain PHP, use PDO in this example.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"5-scan-your-web-application-regularly\">5) Scan your web application regularly<\/h3>\n\n\n<p>SQL injection can be extremely hard to detect. 
It is important to scan your web application regularly for vulnerabilities.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"6-enforcing-least-privilege\">6) Enforcing least privilege<\/h3>\n\n\n<p>The principle of least privilege is a security concept that restricts users to the minimum access they need to perform their job. 
This includes limiting the number of accounts users hold and the privileges those accounts carry.<\/p>\n\n\n\n<p>Least restriction on functions (LRF) is the practice and concept of restricting the rights of users, accounts, and computing processes to only the resources necessary for essential, approved tasks. 
This helps keep user rights or authorization levels at the minimum, which is vital for people to perform their jobs effectively.<\/p>\n\n\n\n<p>Least privilege is a security principle that requires applications, systems, and devices to hold only the permissions needed to accomplish a specific task. That way, the impact is limited if someone manages to exploit a vulnerability and cause damage. 
This contrasts with granting users more permissions than they need, which increases the risk of serious damage in a SQL injection attack.<\/p>\n\n\n<h2 class=\"wp-block-heading\" id=\"sql-injection-frequently-asked-questions\"><strong>SQL Injection \u2013 Frequently asked questions<\/strong><\/h2>\n\n\n\n<div class=\"schema-faq wp-block-yoast-faq-block\">\n<div id=\"faq-question-1659826159348\" class=\"schema-faq-section\"><strong class=\"schema-faq-question\">What is the most common type of SQL injection?<\/strong>\n<p class=\"schema-faq-answer\">In-band SQL injection is the most common type of SQL injection attack. 
It occurs when an attacker can use the same communication channel to deliver the payload and gather the results.<\/p>\n<\/div>\n<div id=\"faq-question-1659826187832\" class=\"schema-faq-section\"><strong class=\"schema-faq-question\">What is the best defense against SQL injection?<\/strong>\n<p class=\"schema-faq-answer\">The best defense against SQL injection is to use parameterized queries. This type of query uses placeholder values for the parameters, which are supplied later. 
This method lets the database distinguish between source code and data.<\/p>\n<\/div>\n<div id=\"faq-question-1659826216670\" class=\"schema-faq-section\"><strong class=\"schema-faq-question\">How is SQL injection detected?<\/strong>\n<p class=\"schema-faq-answer\">SQL injection can be detected in several ways. One method is to use a web application firewall (WAF). A WAF is a piece of hardware or software that sits between a web application and the internet. 
It inspects traffic for malicious activity and can block SQL injection attacks.<\/p>\n<\/div>\n<div id=\"faq-question-1659826245103\" class=\"schema-faq-section\"><strong class=\"schema-faq-question\">What is second-order SQL injection?<\/strong>\n<p class=\"schema-faq-answer\">Second-order SQL injection occurs when an attacker can inject a payload that is stored by the web application and executed later. 
This type of attack is more difficult to achieve because the attacker must have a way to trigger execution of the stored payload.<\/p>\n<\/div>\n<div id=\"faq-question-1659826275267\" class=\"schema-faq-section\"><strong class=\"schema-faq-question\">What is blind SQL injection?<\/strong>\n<p class=\"schema-faq-answer\">Blind SQL injection is an attack where the attacker does not directly see the results of their payload. Instead, they must use true-or-false statements to infer information from the database. 
This type of attack is more challenging to execute but can be just as dangerous as other types of SQL injection.<\/p>\n<\/div>\n<div id=\"faq-question-1659826301781\" class=\"schema-faq-section\"><strong class=\"schema-faq-question\">What is a stacked query?<\/strong>\n<p class=\"schema-faq-answer\">A stacked query is a type of SQL injection where the attacker uses multiple queries to extract information from the database. 
This type of attack is more challenging to execute but can be very dangerous if successful.<\/p>\n<\/div>\n<div id=\"faq-question-1659826330814\" class=\"schema-faq-section\"><strong class=\"schema-faq-question\">What is error-based SQL injection?<\/strong>\n<p class=\"schema-faq-answer\">Error-based SQL injection is an attack where the attacker uses database error messages to infer information from the database. 
This attack is more challenging to execute but can be very dangerous if successful.<\/p>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>What is SQL injection SQL injection (SQLi) is a type of attack that allows criminals to execute malicious SQL statements against vulnerable web applications. Attackers can gain access to sensitive data, such as... 
<a class=\"more-link\" href=\"https:\/\/securitybriefing.net\/ar\/%d8%ad%d9%85%d8%a7%d9%8a%d8%a9\/%d8%ad%d9%82%d9%86-sql-101-%d9%85%d8%a7-%d9%87%d9%88-sqli-%d9%88%d9%83%d9%8a%d9%81%d9%8a%d8%a9-%d9%85%d9%86%d8%b9-%d8%a7%d9%84%d9%87%d8%ac%d9%85%d8%a7%d8%aa\/\">\u0645\u062a\u0627\u0628\u0639\u0629 \u0627\u0644\u0642\u0631\u0627\u0621\u0629 <span class=\"screen-reader-text\">SQL Injection 101: \u0645\u0627 \u0647\u0648 SQLi \u0648\u0643\u064a\u0641\u064a\u0629 \u0645\u0646\u0639 \u0627\u0644\u0647\u062c\u0645\u0627\u062a<\/span><\/a><\/p>","protected":false},"author":1,"featured_media":644,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[],"class_list":["post-505","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","entry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>What is SQLi and How to Prevent Attacks | securitybriefing<\/title>\n<meta name=\"description\" content=\"Learn the basics of SQL injection. what is SQL injection, how does it work, and what ways to protect your site from attacks.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/securitybriefing.net\/ar\/\u062d\u0645\u0627\u064a\u0629\/\u062d\u0642\u0646-sql-101-\u0645\u0627-\u0647\u0648-sqli-\u0648\u0643\u064a\u0641\u064a\u0629-\u0645\u0646\u0639-\u0627\u0644\u0647\u062c\u0645\u0627\u062a\/\" \/>\n<meta property=\"og:locale\" content=\"ar_AR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What is SQLi and How to Prevent Attacks | securitybriefing\" \/>\n<meta property=\"og:description\" content=\"Learn the basics of SQL injection. 
what is SQL injection, how does it work, and what ways to protect your site from attacks.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/securitybriefing.net\/ar\/\u062d\u0645\u0627\u064a\u0629\/\u062d\u0642\u0646-sql-101-\u0645\u0627-\u0647\u0648-sqli-\u0648\u0643\u064a\u0641\u064a\u0629-\u0645\u0646\u0639-\u0627\u0644\u0647\u062c\u0645\u0627\u062a\/\" \/>\n<meta property=\"og:site_name\" content=\"Security Briefing\" \/>\n<meta property=\"article:published_time\" content=\"2022-08-06T22:53:54+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/sql-injection.png\" \/>\n\t<meta property=\"og:image:width\" content=\"558\" \/>\n\t<meta property=\"og:image:height\" content=\"500\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u0643\u064f\u062a\u0628 \u0628\u0648\u0627\u0633\u0637\u0629\" \/>\n\t<meta name=\"twitter:data1\" content=\"security\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u0648\u0642\u062a \u0627\u0644\u0642\u0631\u0627\u0621\u0629 \u0627\u0644\u0645\u064f\u0642\u062f\u0651\u0631\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 \u062f\u0642\u064a\u0642\u0629\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/\"},\"author\":{\"name\":\"security\",\"@id\":\"https:\/\/securitybriefing.net\/#\/schema\/person\/e99d7bfcfc8ecee5ed34ef3f0416ee81\"},\"headline\":\"SQL Injection 101: What is SQLi and How to Prevent 
Attacks\",\"datePublished\":\"2022-08-06T22:53:54+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/\"},\"wordCount\":2130,\"publisher\":{\"@id\":\"https:\/\/securitybriefing.net\/#organization\"},\"image\":{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/sql-injection.png\",\"articleSection\":[\"Security\"],\"inLanguage\":\"ar\"},{\"@type\":[\"WebPage\",\"FAQPage\"],\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/\",\"url\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/\",\"name\":\"What is SQLi and How to Prevent Attacks | securitybriefing\",\"isPartOf\":{\"@id\":\"https:\/\/securitybriefing.net\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/sql-injection.png\",\"datePublished\":\"2022-08-06T22:53:54+00:00\",\"description\":\"Learn the basics of SQL injection. 
what is SQL injection, how does it work, and what ways to protect your site from attacks.\",\"breadcrumb\":{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#breadcrumb\"},\"mainEntity\":[{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826159348\"},{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826187832\"},{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826216670\"},{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826245103\"},{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826275267\"},{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826301781\"},{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826330814\"}],\"inLanguage\":\"ar\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"ar\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#primaryimage\",\"url\":\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/sql-injection.png\",\"contentUrl\":\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/sql-injection.png\",\"width\":558,\"height\":500,\"caption\":\"sql 
injection\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/securitybriefing.net\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SQL Injection 101: What is SQLi and How to Prevent Attacks\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/securitybriefing.net\/#website\",\"url\":\"https:\/\/securitybriefing.net\/\",\"name\":\"Security Briefing\",\"description\":\"Read cybersecurity news, online safety guides, cyber threat updates, and use free security tools from Security Briefing.\",\"publisher\":{\"@id\":\"https:\/\/securitybriefing.net\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/securitybriefing.net\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"ar\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/securitybriefing.net\/#organization\",\"name\":\"Security Briefing\",\"url\":\"https:\/\/securitybriefing.net\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"ar\",\"@id\":\"https:\/\/securitybriefing.net\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2023\/06\/security-briefing-logo-5.png\",\"contentUrl\":\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2023\/06\/security-briefing-logo-5.png\",\"width\":256,\"height\":70,\"caption\":\"Security 
Briefing\"},\"image\":{\"@id\":\"https:\/\/securitybriefing.net\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/securitybriefing.net\/#\/schema\/person\/e99d7bfcfc8ecee5ed34ef3f0416ee81\",\"name\":\"security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"ar\",\"@id\":\"https:\/\/securitybriefing.net\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f882f35c703c897d1ec76c380b39ceed3f7309182d44a3177612bc192f6c9ddb?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f882f35c703c897d1ec76c380b39ceed3f7309182d44a3177612bc192f6c9ddb?s=96&d=mm&r=g\",\"caption\":\"security\"},\"description\":\"admin is a senior staff writer for Government Technology. She previously wrote for PYMNTS and The Bay State Banner, and holds a B.A. in creative writing from Carnegie Mellon. She\u2019s based outside Boston.\",\"sameAs\":[\"http:\/\/securitybriefing.net\"],\"url\":\"https:\/\/securitybriefing.net\/ar\/author\/security\/\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826159348\",\"position\":1,\"url\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826159348\",\"name\":\"What is the most common SQL injection?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"In-band SQL injection is the most common type of SQL injection attack. 
It occurs when an attacker can use the same communication channel to deliver the payload and gather results.\",\"inLanguage\":\"ar\"},\"inLanguage\":\"ar\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826187832\",\"position\":2,\"url\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826187832\",\"name\":\"What is the best defense of SQL injection?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"The best defense against SQL injection is to use parameterized queries. This type of query uses placeholder values for parameters, which are supplied at a later date. This method allows the database to identify between source code and information.\",\"inLanguage\":\"ar\"},\"inLanguage\":\"ar\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826216670\",\"position\":3,\"url\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826216670\",\"name\":\"How is SQL injection detected?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"SQL injection can be detected in several ways. One method is to use a web application firewall (WAF). A WAF is a piece of hardware or software that sits between a web application and the internet. 
It inspects traffic for malicious activity and can block SQL injection attacks.\",\"inLanguage\":\"ar\"},\"inLanguage\":\"ar\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826245103\",\"position\":4,\"url\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826245103\",\"name\":\"What is second-order SQL injection?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Second-order SQL injection occurs when an attacker can inject a payload that is stored by the web application and then later executed. This type of attack is more difficult to achieve because the attacker must have a way to trigger the execution of the stored payload.\",\"inLanguage\":\"ar\"},\"inLanguage\":\"ar\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826275267\",\"position\":5,\"url\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826275267\",\"name\":\"What is blind SQL injection?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Blind SQL injection is an attack where the attacker does not directly see the results of their payload. Instead, they must use true or false statements to infer information from the database. 
This type of attack is more challenging to execute but can be just as dangerous as other types of SQL injection.\",\"inLanguage\":\"ar\"},\"inLanguage\":\"ar\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826301781\",\"position\":6,\"url\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826301781\",\"name\":\"What is a stacked query?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"A stacked query is a type of SQL injection where the attacker uses multiple queries to extract information from the database. This type of attack is more challenging to execute but can be very dangerous if successful.\",\"inLanguage\":\"ar\"},\"inLanguage\":\"ar\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826330814\",\"position\":7,\"url\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826330814\",\"name\":\"What is an error-based SQL injection?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Error-based SQL injection is an attack where the attacker uses database errors to infer information from the database. This attack is more challenging to execute but can be very dangerous if successful.\",\"inLanguage\":\"ar\"},\"inLanguage\":\"ar\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\u0645\u0627 \u0647\u0648 SQLi \u0648\u0643\u064a\u0641\u064a\u0629 \u0645\u0646\u0639 \u0627\u0644\u0647\u062c\u0645\u0627\u062a | securitybriefing","description":"\u062a\u0639\u0644\u0645 \u0623\u0633\u0627\u0633\u064a\u0627\u062a \u062d\u0642\u0646 SQL. 
\u0645\u0627 \u0647\u0648 \u062d\u0642\u0646 SQL\u060c \u0643\u064a\u0641 \u064a\u0639\u0645\u0644\u060c \u0648\u0645\u0627 \u0647\u064a \u0627\u0644\u0637\u0631\u0642 \u0644\u062d\u0645\u0627\u064a\u0629 \u0645\u0648\u0642\u0639\u0643 \u0645\u0646 \u0627\u0644\u0647\u062c\u0645\u0627\u062a.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/securitybriefing.net\/ar\/\u062d\u0645\u0627\u064a\u0629\/\u062d\u0642\u0646-sql-101-\u0645\u0627-\u0647\u0648-sqli-\u0648\u0643\u064a\u0641\u064a\u0629-\u0645\u0646\u0639-\u0627\u0644\u0647\u062c\u0645\u0627\u062a\/","og_locale":"ar_AR","og_type":"article","og_title":"What is SQLi and How to Prevent Attacks | securitybriefing","og_description":"Learn the basics of SQL injection. what is SQL injection, how does it work, and what ways to protect your site from attacks.","og_url":"https:\/\/securitybriefing.net\/ar\/\u062d\u0645\u0627\u064a\u0629\/\u062d\u0642\u0646-sql-101-\u0645\u0627-\u0647\u0648-sqli-\u0648\u0643\u064a\u0641\u064a\u0629-\u0645\u0646\u0639-\u0627\u0644\u0647\u062c\u0645\u0627\u062a\/","og_site_name":"Security Briefing","article_published_time":"2022-08-06T22:53:54+00:00","og_image":[{"width":558,"height":500,"url":"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/sql-injection.png","type":"image\/png"}],"author":"security","twitter_card":"summary_large_image","twitter_misc":{"\u0643\u064f\u062a\u0628 \u0628\u0648\u0627\u0633\u0637\u0629":"security","\u0648\u0642\u062a \u0627\u0644\u0642\u0631\u0627\u0621\u0629 \u0627\u0644\u0645\u064f\u0642\u062f\u0651\u0631":"11 
\u062f\u0642\u064a\u0642\u0629"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#article","isPartOf":{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/"},"author":{"name":"security","@id":"https:\/\/securitybriefing.net\/#\/schema\/person\/e99d7bfcfc8ecee5ed34ef3f0416ee81"},"headline":"SQL Injection 101: What is SQLi and How to Prevent Attacks","datePublished":"2022-08-06T22:53:54+00:00","mainEntityOfPage":{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/"},"wordCount":2130,"publisher":{"@id":"https:\/\/securitybriefing.net\/#organization"},"image":{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#primaryimage"},"thumbnailUrl":"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/sql-injection.png","articleSection":["Security"],"inLanguage":"ar"},{"@type":["WebPage","FAQPage"],"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/","url":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/","name":"\u0645\u0627 \u0647\u0648 SQLi \u0648\u0643\u064a\u0641\u064a\u0629 \u0645\u0646\u0639 \u0627\u0644\u0647\u062c\u0645\u0627\u062a | 
securitybriefing","isPartOf":{"@id":"https:\/\/securitybriefing.net\/#website"},"primaryImageOfPage":{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#primaryimage"},"image":{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#primaryimage"},"thumbnailUrl":"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/sql-injection.png","datePublished":"2022-08-06T22:53:54+00:00","description":"\u062a\u0639\u0644\u0645 \u0623\u0633\u0627\u0633\u064a\u0627\u062a \u062d\u0642\u0646 SQL. \u0645\u0627 \u0647\u0648 \u062d\u0642\u0646 SQL\u060c \u0643\u064a\u0641 \u064a\u0639\u0645\u0644\u060c \u0648\u0645\u0627 \u0647\u064a \u0627\u0644\u0637\u0631\u0642 \u0644\u062d\u0645\u0627\u064a\u0629 \u0645\u0648\u0642\u0639\u0643 \u0645\u0646 \u0627\u0644\u0647\u062c\u0645\u0627\u062a.","breadcrumb":{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#breadcrumb"},"mainEntity":[{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826159348"},{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826187832"},{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826216670"},{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826245103"},{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826275267"},{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826301781"},{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826330814"}],"inLanguage":"ar","potentialAction":[{"@type":"ReadAction","target":["https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/"]}]},{"@type":"ImageObject","inLanguage":"ar","@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#primaryimage","url":"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/sql-injection.png","contentUrl":"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/sql-injection.png","width":558,"height":500,"caption":"sql injection"},{"@type":"BreadcrumbList","@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/securitybriefing.net\/"},{"@type":"ListItem","position":2,"name":"SQL Injection 101: What is SQLi and How to Prevent Attacks"}]},{"@type":"WebSite","@id":"https:\/\/securitybriefing.net\/#website","url":"https:\/\/securitybriefing.net\/","name":"\u0627\u0644\u0625\u062d\u0627\u0637\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629","description":"Read cybersecurity news, online safety guides, cyber threat updates, and use free security tools from Security Briefing.","publisher":{"@id":"https:\/\/securitybriefing.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/securitybriefing.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ar"},{"@type":"Organization","@id":"https:\/\/securitybriefing.net\/#organization","name":"\u0627\u0644\u0625\u062d\u0627\u0637\u0629 
\u0627\u0644\u0623\u0645\u0646\u064a\u0629","url":"https:\/\/securitybriefing.net\/","logo":{"@type":"ImageObject","inLanguage":"ar","@id":"https:\/\/securitybriefing.net\/#\/schema\/logo\/image\/","url":"https:\/\/securitybriefing.net\/wp-content\/uploads\/2023\/06\/security-briefing-logo-5.png","contentUrl":"https:\/\/securitybriefing.net\/wp-content\/uploads\/2023\/06\/security-briefing-logo-5.png","width":256,"height":70,"caption":"Security Briefing"},"image":{"@id":"https:\/\/securitybriefing.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/securitybriefing.net\/#\/schema\/person\/e99d7bfcfc8ecee5ed34ef3f0416ee81","name":"\u062d\u0645\u0627\u064a\u0629","image":{"@type":"ImageObject","inLanguage":"ar","@id":"https:\/\/securitybriefing.net\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/f882f35c703c897d1ec76c380b39ceed3f7309182d44a3177612bc192f6c9ddb?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f882f35c703c897d1ec76c380b39ceed3f7309182d44a3177612bc192f6c9ddb?s=96&d=mm&r=g","caption":"security"},"description":"\u0623\u062f\u0645\u0646 \u0643\u0627\u062a\u0628\u0629 \u0643\u0628\u064a\u0631\u0629 \u0641\u064a \u0642\u0633\u0645 \u062a\u0643\u0646\u0648\u0644\u0648\u062c\u064a\u0627 \u0627\u0644\u062d\u0643\u0648\u0645\u0629. \u0643\u062a\u0628\u062a \u0633\u0627\u0628\u0642\u064b\u0627 \u0641\u064a PYMNTS \u0648The Bay State Banner\u060c \u0648\u062d\u0635\u0644\u062a \u0639\u0644\u0649 \u062f\u0631\u062c\u0629 \u0627\u0644\u0628\u0643\u0627\u0644\u0648\u0631\u064a\u0648\u0633 \u0641\u064a \u0627\u0644\u0643\u062a\u0627\u0628\u0629 \u0627\u0644\u0625\u0628\u062f\u0627\u0639\u064a\u0629 \u0645\u0646 \u062c\u0627\u0645\u0639\u0629 \u0643\u0627\u0631\u0646\u064a\u062c\u064a \u0645\u064a\u0644\u0648\u0646. 
\u0648\u0647\u064a \u062a\u0642\u064a\u0645 \u062e\u0627\u0631\u062c \u0628\u0648\u0633\u0637\u0646.","sameAs":["http:\/\/securitybriefing.net"],"url":"https:\/\/securitybriefing.net\/ar\/author\/security\/"},{"@type":"Question","@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826159348","position":1,"url":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826159348","name":"\u0645\u0627 \u0647\u0648 \u0623\u0643\u062b\u0631 \u0623\u0646\u0648\u0627\u0639 \u062d\u0642\u0646 SQL \u0634\u064a\u0648\u0639\u064b\u0627\u061f","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"In-band SQL injection is the most common type of SQL injection attack. It occurs when an attacker can use the same communication channel to deliver the payload and gather results.","inLanguage":"ar"},"inLanguage":"ar"},{"@type":"Question","@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826187832","position":2,"url":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826187832","name":"\u0645\u0627 \u0647\u0648 \u0623\u0641\u0636\u0644 \u062f\u0641\u0627\u0639 \u0636\u062f \u062d\u0642\u0646 SQL\u061f","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"The best defense against SQL injection is to use parameterized queries. This type of query uses placeholder values for parameters, which are supplied at a later date. 
This method allows the database to identify between source code and information.","inLanguage":"ar"},"inLanguage":"ar"},{"@type":"Question","@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826216670","position":3,"url":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826216670","name":"\u0643\u064a\u0641 \u064a\u062a\u0645 \u0627\u0643\u062a\u0634\u0627\u0641 \u062d\u0642\u0646 SQL\u061f","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"SQL injection can be detected in several ways. One method is to use a web application firewall (WAF). A WAF is a piece of hardware or software that sits between a web application and the internet. It inspects traffic for malicious activity and can block SQL injection attacks.","inLanguage":"ar"},"inLanguage":"ar"},{"@type":"Question","@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826245103","position":4,"url":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826245103","name":"\u0645\u0627 \u0647\u0648 \u062d\u0642\u0646 SQL \u0645\u0646 \u0627\u0644\u062f\u0631\u062c\u0629 \u0627\u0644\u062b\u0627\u0646\u064a\u0629\u061f","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"Second-order SQL injection occurs when an attacker can inject a payload that is stored by the web application and then later executed. 
This type of attack is more difficult to achieve because the attacker must have a way to trigger the execution of the stored payload.","inLanguage":"ar"},"inLanguage":"ar"},{"@type":"Question","@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826275267","position":5,"url":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826275267","name":"\u0645\u0627 \u0647\u0648 \u062d\u0642\u0646 SQL \u0627\u0644\u0623\u0639\u0645\u0649\u061f","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"Blind SQL injection is an attack where the attacker does not directly see the results of their payload. Instead, they must use true or false statements to infer information from the database. This type of attack is more challenging to execute but can be just as dangerous as other types of SQL injection.","inLanguage":"ar"},"inLanguage":"ar"},{"@type":"Question","@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826301781","position":6,"url":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826301781","name":"\u0645\u0627 \u0647\u0648 \u0627\u0633\u062a\u0639\u0644\u0627\u0645 \u0645\u0643\u062f\u0633\u061f","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"A stacked query is a type of SQL injection where the attacker uses multiple queries to extract information from the database. 
This type of attack is more challenging to execute but can be very dangerous if successful.","inLanguage":"ar"},"inLanguage":"ar"},{"@type":"Question","@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826330814","position":7,"url":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826330814","name":"\u0645\u0627 \u0647\u0648 \u062d\u0642\u0646 SQL \u0627\u0644\u0642\u0627\u0626\u0645 \u0639\u0644\u0649 \u0627\u0644\u062e\u0637\u0623\u061f","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"Error-based SQL injection is an attack where the attacker uses database errors to infer information from the database. This attack is more challenging to execute but can be very dangerous if successful.","inLanguage":"ar"},"inLanguage":"ar"}]}},"_links":{"self":[{"href":"https:\/\/securitybriefing.net\/ar\/wp-json\/wp\/v2\/posts\/505","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/securitybriefing.net\/ar\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/securitybriefing.net\/ar\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/securitybriefing.net\/ar\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/securitybriefing.net\/ar\/wp-json\/wp\/v2\/comments?post=505"}],"version-history":[{"count":0,"href":"https:\/\/securitybriefing.net\/ar\/wp-json\/wp\/v2\/posts\/505\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/securitybriefing.net\/ar\/wp-json\/wp\/v2\/media\/644"}],"wp:attachment":[{"href":"https:\/\/securitybriefing.net\/ar\/wp-json\/wp\/v2\/media?parent=505"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/securitybriefing.net\/ar\/wp-json\/wp\/v2\/categories?post=505"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/securitybriefing.net\/ar\/wp-json\/wp\/v2\/tags?post=505"}],"curies":[{"name":"\u0648\u0648\u0631\u062f\u0628\u0631\u064a\u0633","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}