Websites can still be hacked using SQL injection – Tom explains how sites written in PHP (and other languages too) can be vulnerable and have basic security issues.

This video was filmed and edited by Sean Riley.

Computerphile is a sister project to Brady Haran’s Numberphile.


  1. Me and my friend always joked about naming a kid "DropTable" in our IS SQL intro course.
    But I guess now I realized it should be something along the lines of: Frank";Droptable

  2. I am a .NET developer, but I know a little PHP. I think PHP developers use PDO, with which they can avoid the injection. I use Entity Framework; that helps me to avoid injection.

  3. That's… ridiculous. How was (is?) such a thing even possible? It's beyond dumb.
    Found this video looking for info on how hacking works. It's beyond my understanding why operating systems, gadgets, networks can't be hacker safe.

  4. But what if you validate ALL user input with regex? The program will only send the query to my database if the input matches my regex. Is this a good protection?

  5. I have more than 5 years' experience in SQLI. I had so much fun while injecting the URL, but programming languages have gotten really strong these days. SQLI became a bit harder when mysqli was out.

  6. Another British advertisement about Tim B Lee "inventing" the Web???????
    No way….. he ever understood the concept of the Web!!!! The Web was developed not invented by at least 100 great Americans, modest and quiet great people …..


