Hacking Websites with SQL Injection – Computerphile



Websites can still be hacked using SQL injection – Tom explains how sites written in PHP (and other languages too) can be vulnerable and have basic security issues.

More from Tom Scott: http://www.youtube.com/user/enyay and https://twitter.com/tomscott

Follow the Cookie Trail: http://www.youtube.com/watch?v=LHSSY8QNvew
CERN Computing Centre & Mouse Farm: http://www.youtube.com/watch?v=S0MgJFGL5jg

http://www.facebook.com/computerphile

This video was filmed and edited by Sean Riley.

Computerphile is a sister project to Brady Haran’s Numberphile. See the full list of Brady’s video projects at: http://bit.ly/bradychannels


34 thoughts on “Hacking Websites with SQL Injection – Computerphile”

  1. realwizardry September 27, 2017 at 1:27 am

    Who is he actually talking to

  2. John September 27, 2017 at 1:27 am

    SQL = Squeal

  3. KonstantinGeist September 27, 2017 at 1:27 am

    C# is friendlier than PHP because you don't have to deal with WTF's all the time

  4. Ironed Sandwich September 27, 2017 at 1:27 am

    how is SQL Injection not protected against by every website in existence?

  5. Tactix September 27, 2017 at 1:27 am

    Thousandth comment 😮

  6. Bill Michelson September 27, 2017 at 1:27 am

    Another British advertisement about Tim B Lee "inventing" the Web???????
    No way….. he ever understood the concept of the Web!!!! The Web was developed not invented by at least 100 great Americans, modest and quiet great people …..

  7. Amit kumar September 27, 2017 at 1:27 am

    thanks tom, awesome explanation

  8. WhimsyHeath September 27, 2017 at 1:27 am

    funnily enough, I got a SQL course ad for this video.

  9. Henrique Dourado September 27, 2017 at 1:27 am

    just checking cause of google attack

  10. 1UpsForLife September 27, 2017 at 1:27 am

    Tom with no red shirt? What is this???

  11. Matthew Dickerson September 27, 2017 at 1:27 am

    I love your channel name and the videos are great! It really satisfies my love of technology, but makes me wanna learn more!

  12. Cozzi September 27, 2017 at 1:27 am

    this video should be titled "protecting websites from SQL injection". the main subject is how to stop it…

  13. Shaleen Baral September 27, 2017 at 1:27 am

    So use something like a variable?

  14. Philip Adderley September 27, 2017 at 1:27 am

    surely if you develop a routine that meticulously validates every character in every input field to gracefully reject anything that shouldn't be there and everyone developing code for your website uses it, then you're not going to let ANY malformed input through?

  15. BasedLemur September 27, 2017 at 1:27 am

    Don't most websites send text through some secondary language's, like JS or something, function to clean the input before sending it to the actual database?

  16. MrTripi September 27, 2017 at 1:27 am

    WordPress is garbage

  17. khuthadzo mukhesakule September 27, 2017 at 1:27 am

    SERVER QUERY LANGUAGE (SQL)

  18. skyler114 September 27, 2017 at 1:27 am

    Can you do a few videos on the Deep Web/Dark Net?

  19. sajid raza September 27, 2017 at 1:27 am

    great

  20. faris yazdi September 27, 2017 at 1:27 am

    The recent ‘Super Mario World (1990)’ speedrun uses code injection in very fascinating ways that I don't understand. There is even a way to play PONG on the game using in-game sprites and complicated code injection.

  21. Holzkohlen September 27, 2017 at 1:27 am

    With PHP you would need to use a multi_query for that to work though, wouldn't you?

  22. TehDarkrai September 27, 2017 at 1:27 am

    so is SQL injection similar to XSS or am I completely wrong here?

  23. Conner McKay September 27, 2017 at 1:27 am

    Yup, PHP is the most used programming language in websites… besides HTML, which involves PHP sometimes…

  24. EVIL8URN September 27, 2017 at 1:27 am

    I call it sequel injection.

  25. zhevox September 27, 2017 at 1:27 am

    Robert'); DROP TABLE Students;--

  26. Cătălin George Feștilă September 27, 2017 at 1:27 am

    doesn't work, don't try!

  27. RykahP96 September 27, 2017 at 1:27 am

    Pretty much the first thing you learn in uni for web programming.

  28. Dr Frogga September 27, 2017 at 1:27 am

    I thought you could set up your web server aka Apache to automatically add slashes to any incoming data?

  29. 0096luke September 27, 2017 at 1:27 am

    There's a fix for this. It's called not using PHP

  30. Tiago Morais Morgado September 27, 2017 at 1:27 am

    time to encrypt databases and passwords in an intelligent way if you are working in it

  31. Aaron Lowe September 27, 2017 at 1:27 am

    Hm. Interesting. I do more of game-oriented programming than web-based (where this stuff doesn't really happen). But this is still interesting.

  32. P K September 27, 2017 at 1:27 am

    hmmm select *…. who with a basic understanding of web programming would actually put something like this… well kind of strange.. good video though.

  33. vxcvbzn September 27, 2017 at 1:27 am

    B3 to C3

  34. Johan Öhman September 27, 2017 at 1:27 am

    Love how this turned into a PHP promotional video with our host feeling the need to justify his usage of PHP! 😀
