SQL INJECTION FUNDAMENTALS 3-MySQL Flashcards
What is the primary function of a database in a web application?
- A. Store static HTML pages
- B. Store and retrieve data related to the web application
- C. Host the web application
- D. Manage user sessions
Correct Answer: B. Store and retrieve data related to the web application
Explanation: Databases in web applications are used to store and retrieve various types of data, including web content and user information.
What is SQL injection (SQLi)?
- A. A method to enhance database performance
- B. An attack that allows users to execute unintended SQL queries
- C. A technique for data backup
- D. A process to encrypt database queries
Correct Answer: B. An attack that allows users to execute unintended SQL queries
Explanation: SQL injection is a security vulnerability that allows attackers to interfere with the queries an application makes to its database.
Which of the following is NOT a type of injection vulnerability?
- A. HTTP injection
- B. Code injection
- C. Command injection
- D. Data injection
Correct Answer: D. Data injection
Explanation: Data injection is not commonly listed as a type of injection vulnerability, unlike HTTP, code, and command injection.
What is a common method attackers use to exploit SQL injection vulnerabilities?
- A. Encrypting SQL queries
- B. Injecting a single quote (')
- C. Using secure coding practices
- D. Validating user input
Correct Answer: B. Injecting a single quote (')
Explanation: Attackers often use single quotes to manipulate the SQL query structure.
What can be a significant impact of a successful SQL injection attack?
- A. Improved website performance
- B. Enhanced user experience
- C. Data breaches and unauthorized access
- D. Better database organization
Correct Answer: C. Data breaches and unauthorized access
Explanation: SQL injections can lead to unauthorized access to sensitive data and potential data breaches.
How can SQL injection attacks be prevented?
- A. By using weak passwords
- B. By allowing direct database access
- C. Through user input sanitization and validation
- D. By disabling database backups
Correct Answer: C. Through user input sanitization and validation
Explanation: Properly sanitizing and validating user inputs can prevent SQL injection vulnerabilities.
What is the purpose of the UNION clause in SQL injection?
- A. To enhance database security
- B. To combine the results of multiple queries
- C. To encrypt database tables
- D. To delete database records
Correct Answer: B. To combine the results of multiple queries
Explanation: The UNION clause allows an attacker to combine results from multiple queries in SQL injection.
What type of information can be retrieved through SQL injection?
- A. Publicly available information
- B. Sensitive information like user logins and credit card details
- C. HTML content
- D. CSS styles
Correct Answer: B. Sensitive information like user logins and credit card details
Explanation: SQL injections can expose sensitive information stored in the database.
What are stacked queries in the context of SQL injection?
- A. Queries that are encrypted
- B. Multiple SQL statements executed in one go
- C. Queries that enhance database performance
- D. Queries that prevent SQL injection
Correct Answer: B. Multiple SQL statements executed in one go
Explanation: Stacked queries allow multiple SQL commands to be executed in a single query, which can be exploited in SQL injection attacks.
Why is user input validation important in preventing SQL injection?
- A. It improves database performance
- B. It ensures only intended data is processed
- C. It simplifies database queries
- D. It enhances the user interface
Correct Answer: B. It ensures only intended data is processed
Explanation: Validating user input ensures that only appropriate and safe data is processed by the database, preventing malicious inputs.
What is the primary function of a relational database in a web application?
- A. To store and serve static content like HTML and CSS files
- B. To host the web application on a remote server
- C. To manage and organize dynamic data related to the application
- D. To provide real-time analytics and data visualization
Correct Answer: C. To manage and organize dynamic data related to the application
Explanation: Relational databases are used to store, organize, and manage dynamic data that is crucial for the functioning of web applications.
What distinguishes SQL injection from other types of injection attacks?
- A. It targets web applications using client-side scripts
- B. It manipulates the SQL queries executed by the database
- C. It exploits vulnerabilities in the server operating system
- D. It affects only non-relational databases
Correct Answer: B. It manipulates the SQL queries executed by the database
Explanation: SQL injection specifically involves manipulating the SQL queries made to the database, allowing attackers to execute unintended commands.
In the context of relational databases, what is the role of a primary key?
- A. To encrypt sensitive data in the table
- B. To uniquely identify each record in the table
- C. To link multiple databases together
- D. To provide default values for columns
Correct Answer: B. To uniquely identify each record in the table
Explanation: A primary key uniquely identifies each record in a table, ensuring that each entry is distinct and can be referenced individually.
How can an attacker use the UNION clause in a SQL injection attack?
- A. To drop database tables
- B. To combine results from multiple queries into a single result set
- C. To execute server-side scripts
- D. To encrypt the database schema
Correct Answer: B. To combine results from multiple queries into a single result set
Explanation: The UNION clause in SQL can be exploited to combine the results of multiple queries, potentially revealing unintended data.
What is a common defense mechanism against SQL injection attacks?
- A. Using complex passwords for database access
- B. Storing all data in encrypted form
- C. Implementing input validation and parameterized queries
- D. Limiting the size of database tables
Correct Answer: C. Implementing input validation and parameterized queries
Explanation: Input validation and parameterized queries ensure that user inputs are properly sanitized, preventing SQL injection attacks.
When using the SELECT statement, how can you limit the number of rows returned by the query?
- A. By using the DISTINCT keyword
- B. By specifying a column name in the WHERE clause
- C. By using the LIMIT clause with a specified number
- D. By ordering the results in descending order
Correct Answer: C. By using the LIMIT clause with a specified number
Explanation: The LIMIT clause restricts the number of rows returned by a SELECT query, which is useful for managing large result sets.
What is the purpose of the ORDER BY clause in a SQL query?
- A. To filter records based on specific conditions
- B. To sort the result set in ascending or descending order
- C. To group records with similar values
- D. To perform mathematical operations on the result set
Correct Answer: B. To sort the result set in ascending or descending order
Explanation: The ORDER BY clause is used to sort the records in the result set based on one or more columns, either in ascending or descending order.
How can you retrieve only the distinct values from a specific column in a SQL query?
- A. By using the WHERE clause
- B. By using the DISTINCT keyword
- C. By combining multiple SELECT statements
- D. By setting a default value for the column
Correct Answer: B. By using the DISTINCT keyword
Explanation: The DISTINCT keyword is used in SQL to return only distinct (unique) values from a specified column, eliminating duplicates.
What is the function of the LIKE clause in SQL?
- A. To compare values exactly
- B. To match values against a pattern using wildcards
- C. To combine results from different tables
- D. To perform arithmetic operations on columns
Correct Answer: B. To match values against a pattern using wildcards
Explanation: The LIKE clause is used in SQL to search for a specified pattern in a column, using wildcards such as % and _ to define the pattern.
Why is it important to include the WHERE clause in an UPDATE statement?
- A. To specify the table to be updated
- B. To limit the records that will be updated based on a condition
- C. To ensure all columns are updated
- D. To define the new values for the columns
Correct Answer: B. To limit the records that will be updated based on a condition
Explanation: The WHERE clause is crucial in an UPDATE statement to specify which records should be updated, preventing unintentional changes to all records in the table.
What SQL statement would you use to add a new column named 'email' to an existing table 'users'?
- A. INSERT COLUMN email TO users
- B. MODIFY TABLE users ADD COLUMN email VARCHAR(255)
- C. ALTER TABLE users ADD COLUMN email VARCHAR(255)
- D. UPDATE TABLE users SET COLUMN email VARCHAR(255)
Correct Answer: C. ALTER TABLE users ADD COLUMN email VARCHAR(255)
Explanation: The ALTER TABLE statement is used to add, delete, or modify columns in an existing table.
In a SQL injection attack, what is the purpose of using the comment sequence (--)?
- A. To encrypt the query
- B. To terminate the current SQL statement
- C. To add a new line in the query
- D. To specify a condition
Correct Answer: B. To terminate the current SQL statement
Explanation: The comment sequence (--) comments out the remainder of the SQL query, so whatever follows the injected input is ignored and the attacker controls where the statement ends.
Which SQL clause is used to filter records based on a specified condition?
- A. GROUP BY
- B. ORDER BY
- C. WHERE
- D. HAVING
Correct Answer: C. WHERE
Explanation: The WHERE clause is used to filter records based on a specified condition in SQL queries.
How would you select all users from a table 'logins' whose username starts with 'admin'?
- A. SELECT * FROM logins WHERE username LIKE 'admin%'
- B. SELECT * FROM logins WHERE username = 'admin'
- C. SELECT * FROM logins WHERE username CONTAINS 'admin'
- D. SELECT * FROM logins WHERE username = 'admin*'
Correct Answer: A. SELECT * FROM logins WHERE username LIKE 'admin%'
Explanation: The LIKE clause with the wildcard '%' matches any sequence of characters, so 'admin%' matches every username that starts with 'admin'.
What is the result of the following query: SELECT 1 = 1 AND 'a' = 'a';
- A. 1
- B. 0
- C. TRUE
- D. FALSE
Correct Answer: A. 1
Explanation: In SQL, 1 represents true. Since both conditions in the AND operator are true, the result is 1.
How can you ensure a column 'user_id' in a table 'users' only contains unique values?
- A. By using the DISTINCT keyword
- B. By setting the column as PRIMARY KEY
- C. By using the UNIQUE constraint
- D. By setting a default value
Correct Answer: C. By using the UNIQUE constraint
Explanation: The UNIQUE constraint ensures that all values in a column are different from each other.
What does the following SQL query do: SELECT * FROM logins WHERE username != 'john' AND id > 1;
- A. Selects all records where the username is 'john' and id is greater than 1
- B. Selects all records where the username is not 'john' and id is greater than 1
- C. Selects all records where the username is 'john' or id is greater than 1
- D. Selects all records where the username is not 'john' or id is greater than 1
Correct Answer: B. Selects all records where the username is not 'john' and id is greater than 1
Explanation: The query filters records based on both conditions using the AND operator.
What is the effect of the LIMIT clause in a SQL query?
- A. It limits the columns that are returned in the result set
- B. It limits the number of rows that are returned in the result set
- C. It limits the number of queries that can be run simultaneously
- D. It limits the execution time of the query
Correct Answer: B. It limits the number of rows that are returned in the result set
Explanation: The LIMIT clause restricts the number of rows returned by a query.
Which SQL operator would you use to check if a value is within a range of values?
- A. BETWEEN
- B. IN
- C. LIKE
- D. EXISTS
Correct Answer: A. BETWEEN
Explanation: The BETWEEN operator is used to filter the result set within a certain range.
How do you rename an existing table 'old_table' to 'new_table' in SQL?
- A. UPDATE old_table SET name = 'new_table'
- B. ALTER TABLE old_table RENAME TO new_table
- C. RENAME TABLE old_table TO new_table
- D. MODIFY TABLE old_table TO new_table
Correct Answer: C. RENAME TABLE old_table TO new_table
Explanation: The RENAME TABLE statement is used to change the name of an existing table.