Ferruh emailed me today about a new SQL Injection Cheat Sheet that he has built (similar in concept to the XSS Cheat Sheet), meant to be a learning tool for those who are unfamiliar with SQL Injection. It’s really good, as it has a lot of explanations that go well beyond anything else I’ve seen. Click here for the SQL injection cheat sheet. To be fair, I know of at least two other SQL injection cheat sheets out there. The first was my feeble attempt that I never followed through with (I’m too embarrassed to give out the URL any more than I already have since it sucks so bad), and the other is Jungsonn’s SQL injection cheat sheet.
I’ve always liked the concept of Cheat Sheets - the at-a-glance tools that help people understand a lot more about a topic or that they can use as a reference. I was never one for lectures in school; I liked the hands-on learning, and in fact, when I read books I almost always skim over the words and my eyes land on the code samples. So this kind of thing is really nice if you want to just see the code and read the supporting text once you get interested.
As a side note, there is a big section of the forums devoted to SQL injection that I hope people will use to discuss the topic, as there is certainly more work to be done in this area. I encourage anyone new to the field to check it out, and anyone who’s an expert to lend their skills to any questions that arise. We’ve had good conversations, but the more people understand the issue, the better.