SQL Injection
Web/Security | 2019. 9. 7. 10:13
1. Overview
SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database.
2. Example
Injection Type: Description
Retrieving hidden data: where you can modify an SQL query to return additional results.
Subverting application logic: where you can change a query to interfere with the application's logic.
UNION attacks: where you can retrieve data from different database tables.
Examining the database: where you can extract information about the version and structure of the database.
Blind SQL injection: where the results of a query you control are not returned in the application's responses.
3. Prevention
3.1 Using ORM
3.2 Using #{} instead of ${} in MyBatis
MyBatis interprets #{...} as a parameter marker in a JDBC prepared statement.
MyBatis interprets ${...} as string substitution.
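The following MyBatis mapper is an added example, not code from the original post or from the MyBatis project. It assumes a hypothetical users(id, username, email) table and shows the two prevention points above side by side: #{} lets the JDBC driver bind the value as data, ${} pastes it into the SQL text, and the one case where ${} is genuinely needed (an ORDER BY column name, which JDBC cannot bind as a parameter) is guarded by a fixed allow-list in the calling service.

```java
import java.util.List;
import java.util.Set;
import org.apache.ibatis.annotations.Param;
import org.apache.ibatis.annotations.Select;

// Result type for the mapper (hypothetical schema: users(id, username, email)).
class User {
    public long id;
    public String username;
    public String email;
}

interface UserMapper {

    // SAFE: #{username} becomes a '?' placeholder. MyBatis sends
    // "SELECT ... WHERE username = ?" to the driver and calls
    // PreparedStatement.setString(1, username), so the value is always
    // treated as data, quotes and all.
    @Select("SELECT id, username, email FROM users WHERE username = #{username}")
    List<User> findByUsername(@Param("username") String username);

    // UNSAFE: ${username} is substituted into the SQL string before it reaches
    // JDBC. A single quote in the input ends the string literal early and the
    // rest of the input is parsed as SQL, which is the "subverting application
    // logic" and "retrieving hidden data" cases from the table in section 2.
    @Select("SELECT id, username, email FROM users WHERE username = '${username}'")
    List<User> findByUsernameUnsafe(@Param("username") String username);

    // Identifiers (column and table names) cannot be bound as JDBC parameters,
    // so this is the one place ${} is legitimately used. The caller must
    // restrict the value to a known set of column names (see UserService)
    // before it reaches this statement.
    @Select("SELECT id, username, email FROM users ORDER BY ${sortColumn}")
    List<User> findAllSortedBy(@Param("sortColumn") String sortColumn);
}

class UserService {
    // Allow-list of columns the client may sort by; anything else is rejected.
    private static final Set<String> SORTABLE = Set.of("id", "username", "email");
    private final UserMapper mapper;

    UserService(UserMapper mapper) {
        this.mapper = mapper;
    }

    // User-supplied username goes through the #{} mapper method only.
    List<User> lookup(String username) {
        return mapper.findByUsername(username);
    }

    // User-supplied sort key is validated against the allow-list before it is
    // spliced into the query via ${}.
    List<User> listSorted(String requestedColumn) {
        if (!SORTABLE.contains(requestedColumn)) {
            throw new IllegalArgumentException("unsupported sort column: " + requestedColumn);
        }
        return mapper.findAllSortedBy(requestedColumn);
    }
}
```

The same split applies to XML mappers: a `<select>` body using `#{username}` is compiled to a prepared statement with a `?` marker, while `${username}` is plain text substitution. A quick code-review check is to grep mapper files and annotations for `${` and confirm every hit is an identifier that is validated against a fixed list, never a value taken from a request.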
4. References
https://portswigger.net/web-security/sql-injection
https://mybatis.org/mybatis-3/configuration.html#typeHandlers