Skip to main content

Table 2 Keywords used to compose SQL-injection code

From: A novel technique to prevent SQL injection and cross-site scripting attacks using Knuth-Morris-Pratt string match algorithm

S/N Keyword Description
1 OR Used in Boolean-based injection attack
2 UNION Used in union-based injection attack
3 DROP Used to destroy the entire database table
4 DELETE Used to delete rows in a database table
5 TRUNCATE Used to empty a particular table in a database
6 SELECT Used to retrieve record from a database table
7 UPDATE Used to modify record in a database table
8 INSERT Used to add record to a table in a database
9 LIKE Used with the wildcard (%) to select a record that contains a particular string pattern.
10 CONVERT( ) Used in error-based SQL injection to causes the database server to displays some error messages.