This course will be retired on June 1, 2025.
Heads up! To view this whole video, sign in with your Courses account or enroll in your free 7-day trial. Sign In Enroll
Start a free Courses trial
to watch this video
Injection flaws occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.
New Terms:
- Command Injection: the ability to exploit places in a web app that accept user input by inserting malicious or malformed data to cause the system to operate in a non-standard way (at least non-standard according to what the developer intended).
- SQL: Structured Query Language, the standard for SQL databases to abide by when querying for data stored in the system, adding data to the system, updating data, and deleting data.
- NoSQL: A term used for databases which are not traditional SQL systems and may have different query languages and data storage models. An example is MongoDB, which has a query language based on JavaScript.
Further Reading:
Related Discussions
Have questions about this video? Start a discussion with the community and Treehouse staff.
Sign upRelated Discussions
Have questions about this video? Start a discussion with the community and Treehouse staff.
Sign up
You need to sign up for Treehouse in order to download course files.
Sign upYou need to sign up for Treehouse in order to set up Workspace
Sign up