Factsheet Help! My website is vulnerable to SQL injection

SQL injection is a popular and frequently used attack on websites, which attackers use to steal large volumes of (client) information. Although there are other types of attacks for capturing this information, SQL injection appears to be a frequently used method. A website becomes vulnerable to SQL injection when attackers are able to influence the queries that the website sends to a database. This enables the attacker to extract information from the database or to change its contents through, for example, a simple query. In this way, an SQL injection vulnerability can endanger both the integrity and the confidentiality of the information behind the website.
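The mechanism described above, shown as an added example that is not part of the original factsheet: the same lookup and update written once with the request value concatenated into the query text and once with it bound as a parameter. The `clients` table, the function names, the sample rows and the use of SQLite as the website's database are all assumptions made for illustration.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows (not real data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE clients (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO clients (name, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test"),
         ("carol", "carol@example.test")],
    )
    return db

def find_concatenated(db, name):
    # Vulnerable: the request value becomes part of the SQL text, so a quote
    # character in it ends the string literal and the rest is parsed as SQL.
    sql = "SELECT name, email FROM clients WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def find_parameterized(db, name):
    # Hardened: the SQL text is fixed; the value is bound separately and is
    # only ever compared as data.
    return db.execute(
        "SELECT name, email FROM clients WHERE name = ?", (name,)
    ).fetchall()

def rename_concatenated(db, client_id, new_name):
    # Vulnerable write path: the same flaw, now affecting integrity.
    sql = "UPDATE clients SET name = '" + new_name + "' WHERE id = " + str(client_id)
    return db.execute(sql).rowcount  # number of rows changed

def rename_parameterized(db, client_id, new_name):
    # Hardened write path: both values are bound, the WHERE clause always applies.
    return db.execute(
        "UPDATE clients SET name = ? WHERE id = ?", (new_name, client_id)
    ).rowcount

# Constructed request values that carry SQL syntax instead of a plain name.
CRAFTED_READ = "x' OR '1'='1"   # turns the WHERE condition into "always true"
CRAFTED_WRITE = "x' --"         # comments out the WHERE clause of the UPDATE

if __name__ == "__main__":
    db = make_db()
    print("concatenated lookup rows: ", len(find_concatenated(db, CRAFTED_READ)))
    print("parameterized lookup rows:", len(find_parameterized(db, CRAFTED_READ)))
    print("concatenated rename rows: ", rename_concatenated(db, 1, CRAFTED_WRITE))
    db = make_db()
    print("parameterized rename rows:", rename_parameterized(db, 1, CRAFTED_WRITE))
```

With the concatenated versions the crafted values change which rows the statement touches; with the parameterized versions they are treated as an unusual name and nothing else.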

About this factsheet

This factsheet explains what you must do when your website is vulnerable to SQL injection and an attack has been successful. In addition, the factsheet describes which precautionary measures you can take to ensure that you are safe from SQL injection.

The factsheet is geared towards developers and technical administrators of websites. Are you the owner of a vulnerable website, but have no knowledge of its technical details? Send this factsheet to your developer or administrator.

This publication is no longer actively maintained by the NCSC. The information in this publication may therefore be out of date.