{"id":597,"date":"2025-05-22T14:14:00","date_gmt":"2025-05-22T12:14:00","guid":{"rendered":"https:\/\/lars-hilse.de\/lhx18\/?p=597"},"modified":"2025-05-10T01:21:36","modified_gmt":"2025-05-09T23:21:36","slug":"what-in-gods-name-is-sql-injection","status":"publish","type":"post","link":"https:\/\/lars-hilse.de\/lhx18\/2025\/05\/what-in-gods-name-is-sql-injection\/","title":{"rendered":"What in God&#8217;s Name is SQL Injection?"},"content":{"rendered":"<div class=\"ttr_start\"><\/div>\n<p>Today, let&#8217;s talk databases. Specifically, let&#8217;s talk about how ridiculously easy it can be for someone to walk right into your corporate or military databases if you&#8217;re not paying attention. We&#8217;re talking about SQL Injection, or SQLi if you&#8217;re into acronyms, and honestly, it&#8217;s still one of the top ways organizations get royally screwed over online<a href=\"https:\/\/www.semanticscholar.org\/paper\/674b2f55ba01af0b2c02494f98bfcb7e2a97dc8e\" target=\"_blank\" rel=\"noreferrer noopener\">3<\/a><a href=\"https:\/\/www.semanticscholar.org\/paper\/cc2db339260b2aef2375664baa105d6625632c7e\" target=\"_blank\" rel=\"noreferrer noopener\">15<\/a>.\u00a0You might think your fancy firewalls and complex passwords have you covered, but this sneaky little bastard exploits the very way your applications talk to your databases. So, maybe lean in for a second, because this stuff matters.<\/p>\n\n\n\n<p>Alright, picture this: your web application needs to ask the database for some information, maybe a user&#8217;s login details or some product info. It sends a request using SQL (Structured Query Language), which is basically the language databases understand. 
Now, SQL Injection happens when some clever sod manages to slip their&nbsp;<em>own<\/em>&nbsp;SQL commands into the data your application sends to the database<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.brightsec.com\/blog\/sql-injection-attack\/\">2<\/a><a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.radware.com\/cyberpedia\/application-security\/sql-injection\/\">19<\/a>.&nbsp;Think of it like someone hijacking the intercom to give their own orders alongside the official ones.<\/p>\n\n\n\n<p>How do they pull this off? Well, often it&#8217;s through simple input fields \u2013 search bars, login forms, URL parameters, you name it<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.brightsec.com\/blog\/sql-injection-attack\/\">2<\/a>.&nbsp;If your application isn&#8217;t properly checking and cleaning up what users type in, an attacker can craft input that includes bits of SQL code. When your application naively tacks this user input onto its own SQL command and sends it off, the database might just execute the attacker&#8217;s malicious instructions right along with the legitimate request<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.brightsec.com\/blog\/sql-injection-attack\/\">2<\/a><a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/stackoverflow.com\/questions\/5468425\/how-do-parameterized-queries-help-against-sql-injection\">18<\/a>. Suddenly, they&#8217;re not just searching for &#8216;Blue Widgets&#8217;; they&#8217;re telling your database to dump out user credentials or maybe just delete everything for kicks.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"why-should-you-sitting-up-there-actually-care\">Why Should You, Sitting Up There, Actually Care?<\/h2>\n\n\n\n<p>So, some nerd figures out how to talk to your database. Big deal, right? Wrong. Dead wrong. 
A successful SQLi attack isn&#8217;t just a technical glitch; it&#8217;s a potential catastrophe waiting to happen. Here\u2019s the kind of day-ruining impact we&#8217;re talking about:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Your Secrets Aren&#8217;t Secret Anymore:<\/strong>\u00a0Attackers can grab\u00a0<em>everything<\/em>. Usernames, passwords, credit card details, sensitive personal information, classified documents, intellectual property \u2013 if it&#8217;s in the database, it&#8217;s potentially theirs for the taking<a href=\"https:\/\/www.brightsec.com\/blog\/sql-injection-attack\/\" target=\"_blank\" rel=\"noreferrer noopener\">2<\/a><a href=\"https:\/\/cyble.com\/knowledge-hub\/what-is-sql-injection\/\" target=\"_blank\" rel=\"noreferrer noopener\">17<\/a><a href=\"https:\/\/www.radware.com\/cyberpedia\/application-security\/sql-injection\/\" target=\"_blank\" rel=\"noreferrer noopener\">19<\/a>.\u00a0Think about the competitive or strategic advantage lost. Ouch.<\/li>\n\n\n\n<li><strong>Data Gets Messed With (Or Deleted):<\/strong>\u00a0They don&#8217;t just have to steal data; they can change it or wipe it out completely<a href=\"https:\/\/www.brightsec.com\/blog\/sql-injection-attack\/\" target=\"_blank\" rel=\"noreferrer noopener\">2<\/a>.\u00a0Imagine mission-critical records being altered, financial data fudged, or entire tables just&#8230; gone<a href=\"https:\/\/www.brightsec.com\/blog\/sql-injection-attack\/\" target=\"_blank\" rel=\"noreferrer noopener\">2<\/a>. Good luck explaining that.<\/li>\n\n\n\n<li><strong>They Get the Keys to the Kingdom:<\/strong>\u00a0Sometimes, SQLi lets attackers gain deeper access, maybe even executing commands on the server hosting the database<a href=\"https:\/\/www.brightsec.com\/blog\/sql-injection-attack\/\" target=\"_blank\" rel=\"noreferrer noopener\">2<\/a><a href=\"https:\/\/www.radware.com\/cyberpedia\/application-security\/sql-injection\/\" target=\"_blank\" rel=\"noreferrer 
noopener\">19<\/a>.\u00a0From there, they can potentially pivot to other systems on your network. It&#8217;s like leaving your front door unlocked and finding someone has moved into your entire house<a href=\"https:\/\/www.brightsec.com\/blog\/sql-injection-attack\/\" target=\"_blank\" rel=\"noreferrer noopener\">2<\/a>.<\/li>\n\n\n\n<li><strong>Money Down the Drain:<\/strong>\u00a0The financial fallout can be brutal. You&#8217;ve got costs for incident response, forensic analysis, legal battles, regulatory fines (hello, GDPR, HIPAA, PCI violations)<a href=\"https:\/\/www.linkedin.com\/pulse\/understanding-preventing-sql-injection-attacks-trolleyesecurity-03bxe\" target=\"_blank\" rel=\"noreferrer noopener\">8<\/a><a href=\"https:\/\/www.liquidweb.com\/blog\/database-audit\/\" target=\"_blank\" rel=\"noreferrer noopener\">6<\/a><a href=\"https:\/\/cyble.com\/knowledge-hub\/what-is-sql-injection\/\" target=\"_blank\" rel=\"noreferrer noopener\">17<\/a>, and the simple loss of business while you clean up the mess<a href=\"https:\/\/www.linkedin.com\/pulse\/understanding-preventing-sql-injection-attacks-trolleyesecurity-03bxe\" target=\"_blank\" rel=\"noreferrer noopener\">8<\/a>.<\/li>\n\n\n\n<li><strong>Your Reputation Takes a Beating:<\/strong>\u00a0Nothing says &#8220;we don&#8217;t have our act together&#8221; like a major data breach. 
Trust, whether from customers, partners, or the public, is damn hard to win back once it&#8217;s lost<a href=\"https:\/\/www.linkedin.com\/pulse\/understanding-preventing-sql-injection-attacks-trolleyesecurity-03bxe\" target=\"_blank\" rel=\"noreferrer noopener\">8<\/a><a href=\"https:\/\/cyble.com\/knowledge-hub\/what-is-sql-injection\/\" target=\"_blank\" rel=\"noreferrer noopener\">17<\/a>.<\/li>\n\n\n\n<li><strong>Compliance Headaches:<\/strong>\u00a0Many industries have strict rules about data protection<a href=\"https:\/\/www.linkedin.com\/pulse\/understanding-preventing-sql-injection-attacks-trolleyesecurity-03bxe\" target=\"_blank\" rel=\"noreferrer noopener\">8<\/a>.\u00a0An SQLi breach can put you squarely on the wrong side of those regulations, leading to fines and painful audits<a href=\"https:\/\/www.liquidweb.com\/blog\/database-audit\/\" target=\"_blank\" rel=\"noreferrer noopener\">6<\/a>.<\/li>\n<\/ul>\n\n\n\n<p>Seriously, the potential damage ranges from embarrassing to existential<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/cyble.com\/knowledge-hub\/what-is-sql-injection\/\">17<\/a><a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.radware.com\/cyberpedia\/application-security\/sql-injection\/\">19<\/a>.&nbsp;It\u2019s a risk you flat-out cannot afford to ignore<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.linkedin.com\/pulse\/understanding-preventing-sql-injection-attacks-trolleyesecurity-03bxe\">8<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"fine-youve-scared-me-how-do-we-stop-this-madness\">Fine, You&#8217;ve Scared Me. How Do We Stop This Madness?<\/h2>\n\n\n\n<p>Look, the good news is that SQLi is largely preventable. It requires diligence, but it&#8217;s not black magic. Here are the non-negotiable basics you need to hammer into your tech teams and ensure are actually happening:<\/p>\n\n\n\n<p><strong>1. 
Parameterized Queries (The Silver Bullet&#8230; Mostly):<\/strong><br>This is probably the single most effective defense. Instead of just mashing user input together with your SQL commands, you use placeholders. The database is specifically told, &#8220;This chunk of stuff here? It&#8217;s just data. Treat it as data, no matter what it looks like. Don&#8217;t you&nbsp;<em>dare<\/em>&nbsp;execute it.&#8221;<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.sqlshack.com\/using-parameterized-queries-to-avoid-sql-injection\/\">14<\/a><a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/stackoverflow.com\/questions\/5468425\/how-do-parameterized-queries-help-against-sql-injection\">18<\/a><a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.vumetric.com\/blog\/what-is-input-validation-in-sql-injection\/\">4<\/a><a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.legitsecurity.com\/aspm-knowledge-base\/how-to-prevent-sql-injection\">12<\/a>.&nbsp;It completely separates the command instructions from the potentially dodgy input<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.sqlshack.com\/using-parameterized-queries-to-avoid-sql-injection\/\">14<\/a><a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/stackoverflow.com\/questions\/5468425\/how-do-parameterized-queries-help-against-sql-injection\">18<\/a>.&nbsp;Most modern programming frameworks support this, so there\u2019s really no excuse not to use it<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.semanticscholar.org\/paper\/fd2ae7f848ed7ea06dc1d4c014f5923b01fae9cf\">1<\/a><a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.semanticscholar.org\/paper\/292fe9405aa4bf171b611b083ec8e3d6b6ada4bc\">11<\/a><a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/cheatsheetseries.owasp.org\/cheatsheets\/SQL_Injection_Prevention_Cheat_Sheet.html\">16<\/a>.&nbsp;And yeah, even if 
you&#8217;re using fancy stored procedures, make sure&nbsp;<em>they<\/em>&nbsp;use parameterization inside, otherwise, they can be just as vulnerable<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.indusface.com\/blog\/how-to-stop-sql-injection\/\">20<\/a><a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.legitsecurity.com\/aspm-knowledge-base\/how-to-prevent-sql-injection\">12<\/a>.<\/p>\n\n\n\n<p><strong>2. Input Validation (Trust No One, Verify Everything):<\/strong><br>Anything coming into your system from the outside world \u2013 user forms, API calls, file uploads \u2013 needs rigorous checking&nbsp;<em>on the server side<\/em><a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.vumetric.com\/blog\/what-is-input-validation-in-sql-injection\/\">4<\/a>.&nbsp;Don&#8217;t just rely on checks in the user&#8217;s browser; those are easily bypassed<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.vumetric.com\/blog\/what-is-input-validation-in-sql-injection\/\">4<\/a>.&nbsp;Define exactly what&nbsp;<em>kind<\/em> of data you expect (e.g., numbers only, specific date format, email address pattern) and reject anything that doesn&#8217;t fit. A &#8220;whitelist&#8221; or &#8220;allow-list&#8221; approach is best \u2013 only accept known good patterns, rather than trying to guess all the bad ones<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.vumetric.com\/blog\/what-is-input-validation-in-sql-injection\/\">4<\/a><a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.legitsecurity.com\/aspm-knowledge-base\/how-to-prevent-sql-injection\">12<\/a>.&nbsp;Think of it as a strict bouncer checking IDs at the door<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.vumetric.com\/blog\/what-is-input-validation-in-sql-injection\/\">4<\/a>.<\/p>\n\n\n\n<p><strong>3. 
Principle of Least Privilege (Need-to-Know, Applied):<\/strong><br>This should be second nature, especially in sensitive environments. Every user account, every application service account connecting to the database, should have the&nbsp;<em>absolute minimum<\/em>&nbsp;set of permissions required to do its specific job, and nothing more<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/bigid.com\/blog\/principle-of-least-privilege-access\/\">5<\/a><a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.pynt.io\/learning-hub\/owasp-top-10-guide\/sql-injection-types-examples-prevention-cheat-sheet\">7<\/a><a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.legitsecurity.com\/aspm-knowledge-base\/how-to-prevent-sql-injection\">12<\/a>.&nbsp;If an application only needs to read data, don&#8217;t give its account permission to write or delete<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.legitsecurity.com\/aspm-knowledge-base\/how-to-prevent-sql-injection\">12<\/a>.&nbsp;That way, even if an attacker compromises an account via SQLi or some other method, the amount of damage they can do is significantly limited<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.pynt.io\/learning-hub\/owasp-top-10-guide\/sql-injection-types-examples-prevention-cheat-sheet\">7<\/a><a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.legitsecurity.com\/aspm-knowledge-base\/how-to-prevent-sql-injection\">12<\/a>.&nbsp;Default to denying access unless explicitly required<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/bigid.com\/blog\/principle-of-least-privilege-access\/\">5<\/a>.<\/p>\n\n\n\n<p><strong>4. Regular Security Audits &amp; Monitoring (Keep Your Eyes Open):<\/strong><br>You can&#8217;t just set up defenses and walk away. You need constant vigilance. 
This means:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Regular Audits:<\/strong>\u00a0Periodically review who has access to what, check database configurations, and analyze activity logs for anything suspicious<a href=\"https:\/\/www.liquidweb.com\/blog\/database-audit\/\" target=\"_blank\" rel=\"noreferrer noopener\">6<\/a><a href=\"https:\/\/www.deverg.global\/blog\/database-security-threat-management-t4ahe\" target=\"_blank\" rel=\"noreferrer noopener\">10<\/a>.\u00a0Are there weird login attempts? Unexpected data modifications?<a href=\"https:\/\/www.liquidweb.com\/blog\/database-audit\/\" target=\"_blank\" rel=\"noreferrer noopener\">6<\/a><\/li>\n\n\n\n<li><strong>Patching:<\/strong>\u00a0Keep your database software, operating systems, and applications updated with the latest security patches. Known vulnerabilities are low-hanging fruit for attackers<a href=\"https:\/\/www.deverg.global\/blog\/database-security-threat-management-t4ahe\" target=\"_blank\" rel=\"noreferrer noopener\">10<\/a>.<\/li>\n\n\n\n<li><strong>Vulnerability Scanning &amp; Pen Testing:<\/strong>\u00a0Regularly scan your applications for weaknesses like SQLi, and consider periodic penetration tests where ethical hackers simulate attacks to find holes you missed<a href=\"https:\/\/cyble.com\/knowledge-hub\/what-is-sql-injection\/\" target=\"_blank\" rel=\"noreferrer noopener\">17<\/a><a href=\"https:\/\/www.indusface.com\/blog\/how-to-stop-sql-injection\/\" target=\"_blank\" rel=\"noreferrer noopener\">20<\/a>.<\/li>\n\n\n\n<li><strong>Web Application Firewalls (WAFs):<\/strong>\u00a0These can act as an additional filter, sitting in front of your web applications and trying to spot and block common attacks like SQLi before they even reach your code<a href=\"https:\/\/www.semanticscholar.org\/paper\/674b2f55ba01af0b2c02494f98bfcb7e2a97dc8e\" target=\"_blank\" rel=\"noreferrer noopener\">3<\/a><a 
href=\"https:\/\/www.linkedin.com\/pulse\/understanding-preventing-sql-injection-attacks-trolleyesecurity-03bxe\" target=\"_blank\" rel=\"noreferrer noopener\">8<\/a><a href=\"https:\/\/www.legitsecurity.com\/aspm-knowledge-base\/how-to-prevent-sql-injection\" target=\"_blank\" rel=\"noreferrer noopener\">12<\/a><a href=\"https:\/\/cyble.com\/knowledge-hub\/what-is-sql-injection\/\" target=\"_blank\" rel=\"noreferrer noopener\">17<\/a>.\u00a0Think of it as extra security guards watching the traffic coming in. Newer tools like Oracle&#8217;s SQL Firewall even use fancy techniques like machine learning to spot bad queries<a href=\"https:\/\/www.semanticscholar.org\/paper\/fd2ae7f848ed7ea06dc1d4c014f5923b01fae9cf\" target=\"_blank\" rel=\"noreferrer noopener\">1<\/a>.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"your-job-in-all-this-yes-you\">Your Job in All This (Yes, You)<\/h2>\n\n\n\n<p>Listen, cybersecurity isn&#8217;t just the IT department&#8217;s headache anymore. Especially with threats as fundamental and damaging as SQL Injection, leadership plays a critical role<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.linkedin.com\/pulse\/understanding-preventing-sql-injection-attacks-trolleyesecurity-03bxe\">8<\/a>.&nbsp;You need to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Set the Tone:<\/strong>\u00a0Make it crystal clear that security is a top priority, not an afterthought or a corner to be cut<a href=\"https:\/\/www.linkedin.com\/pulse\/understanding-preventing-sql-injection-attacks-trolleyesecurity-03bxe\" target=\"_blank\" rel=\"noreferrer noopener\">8<\/a>.\u00a0Foster a culture where secure practices are expected and rewarded.<\/li>\n\n\n\n<li><strong>Allocate Resources:<\/strong>\u00a0Good security isn&#8217;t free. 
Ensure your teams have the budget, tools, and trained personnel they need to implement these defenses effectively<a href=\"https:\/\/www.linkedin.com\/pulse\/understanding-preventing-sql-injection-attacks-trolleyesecurity-03bxe\" target=\"_blank\" rel=\"noreferrer noopener\">8<\/a>.\u00a0Don&#8217;t cheap out here.<\/li>\n\n\n\n<li><strong>Demand Policies &amp; Enforcement:<\/strong>\u00a0Establish clear security policies covering things like secure coding standards, input validation, and access control. Then, make sure they&#8217;re actually followed<a href=\"https:\/\/www.linkedin.com\/pulse\/understanding-preventing-sql-injection-attacks-trolleyesecurity-03bxe\" target=\"_blank\" rel=\"noreferrer noopener\">8<\/a>.<\/li>\n\n\n\n<li><strong>Back Your Teams:<\/strong>\u00a0Work\u00a0<em>with<\/em>\u00a0your IT and security folks. Understand the threats they&#8217;re dealing with and support their efforts to mitigate them<a href=\"https:\/\/www.linkedin.com\/pulse\/understanding-preventing-sql-injection-attacks-trolleyesecurity-03bxe\" target=\"_blank\" rel=\"noreferrer noopener\">8<\/a>.<\/li>\n\n\n\n<li><strong>Require Accountability:<\/strong>\u00a0Implement monitoring and demand regular reports on security posture, detected threats, and the effectiveness of your defenses<a href=\"https:\/\/www.linkedin.com\/pulse\/understanding-preventing-sql-injection-attacks-trolleyesecurity-03bxe\" target=\"_blank\" rel=\"noreferrer noopener\">8<\/a><a href=\"https:\/\/www.liquidweb.com\/blog\/database-audit\/\" target=\"_blank\" rel=\"noreferrer noopener\">6<\/a>.\u00a0Ask tough questions.<\/li>\n<\/ul>\n\n\n\n<p>SQL Injection is an old threat, but it&#8217;s depressingly persistent because people get complacent or cut corners<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.semanticscholar.org\/paper\/292fe9405aa4bf171b611b083ec8e3d6b6ada4bc\">11<\/a><a target=\"_blank\" rel=\"noreferrer noopener\" 
href=\"https:\/\/www.semanticscholar.org\/paper\/d3e2a9736075699c03ebf3c0c84535a72edd4bdf\">13<\/a><a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.semanticscholar.org\/paper\/cc2db339260b2aef2375664baa105d6625632c7e\">15<\/a>. Implementing layered defenses like parameterized queries, strict input validation, least privilege, and continuous monitoring isn&#8217;t optional; it&#8217;s fundamental to protecting your organization&#8217;s data, reputation, and operational capability<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.linkedin.com\/pulse\/understanding-preventing-sql-injection-attacks-trolleyesecurity-03bxe\">8<\/a><a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.radware.com\/cyberpedia\/application-security\/sql-injection\/\">19<\/a>.&nbsp;Don&#8217;t be the next cautionary tale. Get this stuff sorted.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Sauces for all the letters in this thing:<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.semanticscholar.org\/paper\/fd2ae7f848ed7ea06dc1d4c014f5923b01fae9cf\">https:\/\/www.semanticscholar.org\/paper\/fd2ae7f848ed7ea06dc1d4c014f5923b01fae9cf<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.brightsec.com\/blog\/sql-injection-attack\/\">https:\/\/www.brightsec.com\/blog\/sql-injection-attack\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.semanticscholar.org\/paper\/674b2f55ba01af0b2c02494f98bfcb7e2a97dc8e\">https:\/\/www.semanticscholar.org\/paper\/674b2f55ba01af0b2c02494f98bfcb7e2a97dc8e<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.vumetric.com\/blog\/what-is-input-validation-in-sql-injection\/\">https:\/\/www.vumetric.com\/blog\/what-is-input-validation-in-sql-injection\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/bigid.com\/blog\/principle-of-least-privilege-access\/\">https:\/\/bigid.com\/blog\/principle-of-least-privilege-access\/<\/a><\/li>\n\n\n\n<li><a 
href=\"https:\/\/www.liquidweb.com\/blog\/database-audit\/\">https:\/\/www.liquidweb.com\/blog\/database-audit\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.pynt.io\/learning-hub\/owasp-top-10-guide\/sql-injection-types-examples-prevention-cheat-sheet\">https:\/\/www.pynt.io\/learning-hub\/owasp-top-10-guide\/sql-injection-types-examples-prevention-cheat-sheet<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.linkedin.com\/pulse\/understanding-preventing-sql-injection-attacks-trolleyesecurity-03bxe\">https:\/\/www.linkedin.com\/pulse\/understanding-preventing-sql-injection-attacks-trolleyesecurity-03bxe<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.velotix.ai\/resources\/blog\/database-security-best-practices\/\">https:\/\/www.velotix.ai\/resources\/blog\/database-security-best-practices\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.deverg.global\/blog\/database-security-threat-management-t4ahe\">https:\/\/www.deverg.global\/blog\/database-security-threat-management-t4ahe<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.semanticscholar.org\/paper\/292fe9405aa4bf171b611b083ec8e3d6b6ada4bc\">https:\/\/www.semanticscholar.org\/paper\/292fe9405aa4bf171b611b083ec8e3d6b6ada4bc<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.legitsecurity.com\/aspm-knowledge-base\/how-to-prevent-sql-injection\">https:\/\/www.legitsecurity.com\/aspm-knowledge-base\/how-to-prevent-sql-injection<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.semanticscholar.org\/paper\/d3e2a9736075699c03ebf3c0c84535a72edd4bdf\">https:\/\/www.semanticscholar.org\/paper\/d3e2a9736075699c03ebf3c0c84535a72edd4bdf<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.sqlshack.com\/using-parameterized-queries-to-avoid-sql-injection\/\">https:\/\/www.sqlshack.com\/using-parameterized-queries-to-avoid-sql-injection\/<\/a><\/li>\n\n\n\n<li><a 
href=\"https:\/\/www.semanticscholar.org\/paper\/cc2db339260b2aef2375664baa105d6625632c7e\">https:\/\/www.semanticscholar.org\/paper\/cc2db339260b2aef2375664baa105d6625632c7e<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/cheatsheetseries.owasp.org\/cheatsheets\/SQL_Injection_Prevention_Cheat_Sheet.html\">https:\/\/cheatsheetseries.owasp.org\/cheatsheets\/SQL_Injection_Prevention_Cheat_Sheet.html<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/cyble.com\/knowledge-hub\/what-is-sql-injection\/\">https:\/\/cyble.com\/knowledge-hub\/what-is-sql-injection\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/stackoverflow.com\/questions\/5468425\/how-do-parameterized-queries-help-against-sql-injection\">https:\/\/stackoverflow.com\/questions\/5468425\/how-do-parameterized-queries-help-against-sql-injection<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.radware.com\/cyberpedia\/application-security\/sql-injection\/\">https:\/\/www.radware.com\/cyberpedia\/application-security\/sql-injection\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.indusface.com\/blog\/how-to-stop-sql-injection\/\">https:\/\/www.indusface.com\/blog\/how-to-stop-sql-injection\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.sentinelone.com\/cybersecurity-101\/cybersecurity\/sql-injection\/\">https:\/\/www.sentinelone.com\/cybersecurity-101\/cybersecurity\/sql-injection\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.semanticscholar.org\/paper\/c1d6cdaab6b0156981cb6aa2244ec695f71dc4c5\">https:\/\/www.semanticscholar.org\/paper\/c1d6cdaab6b0156981cb6aa2244ec695f71dc4c5<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.semanticscholar.org\/paper\/7435d50205f0e18a27bb190be758bc85e5002d60\">https:\/\/www.semanticscholar.org\/paper\/7435d50205f0e18a27bb190be758bc85e5002d60<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.enterprisedb.com\/blog\/protecting-against-sql-injection\">https:\/\/www.enterprisedb.com\/blog\/protecting-against-sql-injection<\/a><\/li>\n\n\n\n<li><a 
href=\"https:\/\/www.sentinelone.com\/cybersecurity-101\/cybersecurity\/types-of-sql-injection\/\">https:\/\/www.sentinelone.com\/cybersecurity-101\/cybersecurity\/types-of-sql-injection\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/zuplo.com\/blog\/2025\/02\/28\/how-to-secure-apis-from-sql-injection-vulnerabilities\">https:\/\/zuplo.com\/blog\/2025\/02\/28\/how-to-secure-apis-from-sql-injection-vulnerabilities<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/biztechmagazine.com\/article\/2023\/09\/what-are-sql-injections-and-what-risk-businesses-perfcon\">https:\/\/biztechmagazine.com\/article\/2023\/09\/what-are-sql-injections-and-what-risk-businesses-perfcon<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/owasp.org\/www-community\/attacks\/SQL_Injection\">https:\/\/owasp.org\/www-community\/attacks\/SQL_Injection<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.mdpi.com\/1999-5903\/17\/4\/156\">https:\/\/www.mdpi.com\/1999-5903\/17\/4\/156<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/cheatsheetseries.owasp.org\/cheatsheets\/SQL_Injection_Prevention_Cheat_Sheet.html\">https:\/\/cheatsheetseries.owasp.org\/cheatsheets\/SQL_Injection_Prevention_Cheat_Sheet.html<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.invicti.com\/blog\/web-security\/sql-injection-cheat-sheet\/\">https:\/\/www.invicti.com\/blog\/web-security\/sql-injection-cheat-sheet\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.acunetix.com\/websitesecurity\/sql-injection\/\">https:\/\/www.acunetix.com\/websitesecurity\/sql-injection\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.crowdstrike.com\/en-us\/cybersecurity-101\/cyberattacks\/sql-injection-attack\/\">https:\/\/www.crowdstrike.com\/en-us\/cybersecurity-101\/cyberattacks\/sql-injection-attack\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/auxin.io\/sql-injection-risks-real-world-examples-and-the-role-of-auxin-security\/\">https:\/\/auxin.io\/sql-injection-risks-real-world-examples-and-the-role-of-auxin-security\/<\/a><\/li>\n\n\n\n<li><a 
href=\"https:\/\/cxotoday.com\/sponsored\/a-major-threat-to-business-sql-injection-attack\/\">https:\/\/cxotoday.com\/sponsored\/a-major-threat-to-business-sql-injection-attack\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.semanticscholar.org\/paper\/c7881a94f27988866d51603b84ab4c8032e8f348\">https:\/\/www.semanticscholar.org\/paper\/c7881a94f27988866d51603b84ab4c8032e8f348<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.semanticscholar.org\/paper\/25fd6a96b7cc3c8e49f91586b62cc95270687d31\">https:\/\/www.semanticscholar.org\/paper\/25fd6a96b7cc3c8e49f91586b62cc95270687d31<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/snyk.io\/blog\/getting-started-query-parameterization\/\">https:\/\/snyk.io\/blog\/getting-started-query-parameterization\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.linkedin.com\/pulse\/importance-input-validation-preventing-sql-injection-cross-site-f9zcc\">https:\/\/www.linkedin.com\/pulse\/importance-input-validation-preventing-sql-injection-cross-site-f9zcc<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/techcommunity.microsoft.com\/blog\/azuresqlblog\/security-the-principle-of-least-privilege-polp\/2067390\">https:\/\/techcommunity.microsoft.com\/blog\/azuresqlblog\/security-the-principle-of-least-privilege-polp\/2067390<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.sentinelone.com\/cybersecurity-101\/cybersecurity\/data-security-audit\/\">https:\/\/www.sentinelone.com\/cybersecurity-101\/cybersecurity\/data-security-audit\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.w3schools.com\/sql\/sql_injection.asp\">https:\/\/www.w3schools.com\/sql\/sql_injection.asp<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.esecurityplanet.com\/threats\/how-to-prevent-sql-injection-attacks\/\">https:\/\/www.esecurityplanet.com\/threats\/how-to-prevent-sql-injection-attacks\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.syteca.com\/en\/blog\/the-principle-of-least-privilege\">https:\/\/www.syteca.com\/en\/blog\/the-principle-of-least-privilege<\/a><\/li>\n\n\n\n<li><a 
href=\"https:\/\/www.metomic.io\/resource-centre\/8-steps-to-data-security-excellence-in-your-organisation\">https:\/\/www.metomic.io\/resource-centre\/8-steps-to-data-security-excellence-in-your-organisation<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/cheatsheetseries.owasp.org\/cheatsheets\/Query_Parameterization_Cheat_Sheet.html\">https:\/\/cheatsheetseries.owasp.org\/cheatsheets\/Query_Parameterization_Cheat_Sheet.html<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.kiuwan.com\/blog\/top-5-best-practices-for-developers-on-preventing-sql-injections-attacks\/\">https:\/\/www.kiuwan.com\/blog\/top-5-best-practices-for-developers-on-preventing-sql-injections-attacks\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/en.wikipedia.org\/wiki\/Principle_of_least_privilege\">https:\/\/en.wikipedia.org\/wiki\/Principle_of_least_privilege<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/iarminfo.com\/database-security-audit\/\">https:\/\/iarminfo.com\/database-security-audit\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.radware.com\/cyberpedia\/application-security\/sql-injection\/\">https:\/\/www.radware.com\/cyberpedia\/application-security\/sql-injection\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.indusface.com\/blog\/how-to-stop-sql-injection\/\">https:\/\/www.indusface.com\/blog\/how-to-stop-sql-injection\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/satoricyber.com\/database-security\/top-10-database-security-best-practices\/\">https:\/\/satoricyber.com\/database-security\/top-10-database-security-best-practices\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.percona.com\/blog\/best-practices-for-database-security\/\">https:\/\/www.percona.com\/blog\/best-practices-for-database-security\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.linkedin.com\/advice\/0\/what-most-effective-sql-injection-prevention-techniques-k5fue\">https:\/\/www.linkedin.com\/advice\/0\/what-most-effective-sql-injection-prevention-techniques-k5fue<\/a><\/li>\n\n\n\n<li><a 
href=\"https:\/\/www.sans.org\/white-papers\/23\/\">https:\/\/www.sans.org\/white-papers\/23\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/negg.blog\/en\/corporate-database-security-strategies-and-best-practices\/\">https:\/\/negg.blog\/en\/corporate-database-security-strategies-and-best-practices\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/security.berkeley.edu\/education-awareness\/database-hardening-best-practices\">https:\/\/security.berkeley.edu\/education-awareness\/database-hardening-best-practices<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.linkedin.com\/advice\/0\/youre-discussing-data-security-non-it-executives-xrxte\">https:\/\/www.linkedin.com\/advice\/0\/youre-discussing-data-security-non-it-executives-xrxte<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.syteca.com\/en\/blog\/data-security-best-practices\">https:\/\/www.syteca.com\/en\/blog\/data-security-best-practices<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.semanticscholar.org\/paper\/c5eb779fdcbcfcd1cc5d5735ce29785f0a5aa99c\">https:\/\/www.semanticscholar.org\/paper\/c5eb779fdcbcfcd1cc5d5735ce29785f0a5aa99c<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/arxiv.org\/abs\/2308.01990\">https:\/\/arxiv.org\/abs\/2308.01990<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.semanticscholar.org\/paper\/08e3d13d6d86da9247efe0c07b542cfbe4eb33d2\">https:\/\/www.semanticscholar.org\/paper\/08e3d13d6d86da9247efe0c07b542cfbe4eb33d2<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.semanticscholar.org\/paper\/3a4d7cd0f38ce3b4bdf529e47d07ffabbfd7ec26\">https:\/\/www.semanticscholar.org\/paper\/3a4d7cd0f38ce3b4bdf529e47d07ffabbfd7ec26<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.legitsecurity.com\/aspm-knowledge-base\/how-to-prevent-sql-injection\">https:\/\/www.legitsecurity.com\/aspm-knowledge-base\/how-to-prevent-sql-injection<\/a><\/li>\n\n\n\n<li><a 
href=\"https:\/\/www.imperva.com\/learn\/application-security\/sql-injection-sqli\/\">https:\/\/www.imperva.com\/learn\/application-security\/sql-injection-sqli\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/dev.to\/abhay_yt_52a8e72b213be229\/the-impact-of-sql-injection-understanding-the-potential-risks-and-consequences-51m7\">https:\/\/dev.to\/abhay_yt_52a8e72b213be229\/the-impact-of-sql-injection-understanding-the-potential-risks-and-consequences-51m7<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/brightsec.com\/blog\/sql-injection-attack\/\">https:\/\/brightsec.com\/blog\/sql-injection-attack\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.semanticscholar.org\/paper\/a9c3f8bd2673d5d5a53a39e9a568182afa1c05a5\">https:\/\/www.semanticscholar.org\/paper\/a9c3f8bd2673d5d5a53a39e9a568182afa1c05a5<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.semanticscholar.org\/paper\/fb6e0b196fd78d8cbdf44c7db992e50ac6fadeae\">https:\/\/www.semanticscholar.org\/paper\/fb6e0b196fd78d8cbdf44c7db992e50ac6fadeae<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.semanticscholar.org\/paper\/7f66c4d76f8268623387b8bc8dc0bda59a3b303b\">https:\/\/www.semanticscholar.org\/paper\/7f66c4d76f8268623387b8bc8dc0bda59a3b303b<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.semanticscholar.org\/paper\/99a9ebd4ff4c9db94248f7a7a913e451f79918af\">https:\/\/www.semanticscholar.org\/paper\/99a9ebd4ff4c9db94248f7a7a913e451f79918af<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.semanticscholar.org\/paper\/b687c5ddefedef048b79dd75639c731351274680\">https:\/\/www.semanticscholar.org\/paper\/b687c5ddefedef048b79dd75639c731351274680<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.semanticscholar.org\/paper\/3731f5c401e10be39311102ecb43b681d638ee74\">https:\/\/www.semanticscholar.org\/paper\/3731f5c401e10be39311102ecb43b681d638ee74<\/a><\/li>\n\n\n\n<li><a 
href=\"https:\/\/qwiet.ai\/solving-sql-injection-parameterized-queries-vs-stored-procedures\/\">https:\/\/qwiet.ai\/solving-sql-injection-parameterized-queries-vs-stored-procedures\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/pubmed.ncbi.nlm.nih.gov\/29506050\/\">https:\/\/pubmed.ncbi.nlm.nih.gov\/29506050\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.ncbi.nlm.nih.gov\/pmc\/articles\/PMC4178527\/\">https:\/\/www.ncbi.nlm.nih.gov\/pmc\/articles\/PMC4178527\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/pubmed.ncbi.nlm.nih.gov\/12186516\/\">https:\/\/pubmed.ncbi.nlm.nih.gov\/12186516\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/pubmed.ncbi.nlm.nih.gov\/17014397\/\">https:\/\/pubmed.ncbi.nlm.nih.gov\/17014397\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.semanticscholar.org\/paper\/1265171367a2a0ce95c0179253a855c6a86ca962\">https:\/\/www.semanticscholar.org\/paper\/1265171367a2a0ce95c0179253a855c6a86ca962<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.semanticscholar.org\/paper\/fcb7de5ade57e19ea5d5560552fc4618d6fe994f\">https:\/\/www.semanticscholar.org\/paper\/fcb7de5ade57e19ea5d5560552fc4618d6fe994f<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/cyble.com\/knowledge-hub\/what-is-sql-injection\/\">https:\/\/cyble.com\/knowledge-hub\/what-is-sql-injection\/<\/a><\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p><\/p>\n<div class=\"ttr_end\"><\/div>","protected":false},"excerpt":{"rendered":"<p>The post discusses the vulnerabilities of databases, particularly highlighting SQL Injection (SQLi) as a major security threat. It explains how attackers can exploit weak input validation to gain unauthorized access and manipulate sensitive data, leading to dire consequences including financial loss and reputational damage. 
Preventative measures focus on secure coding practices and ongoing vigilance.<\/p>\n","protected":false},"author":1,"featured_media":600,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[2,7,8,30,52],"tags":[151,150,152,149,148],"class_list":{"0":"post-597","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","6":"hentry","7":"category-cyber-security","8":"category-digital-ethics","9":"category-global-risks","10":"category-privacy","11":"category-social-engineering","12":"tag-corporate-risks","13":"tag-database","14":"tag-global-risks","15":"tag-sql-injection","16":"tag-sqli","18":"fallback-thumbnail"},"jetpack_featured_media_url":"https:\/\/i0.wp.com\/lars-hilse.de\/lhx18\/wp-content\/uploads\/2025\/05\/What-in-Gods-Name-is-SQL-Injection.png?fit=960%2C640&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/paluiP-9D","jetpack_likes_enabled":true,"jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/posts\/597","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/comments?post=597"}],"version-history":[{"count":2,"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/posts\/597\/revisions"}],"predecessor-version":[{"id":615,"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/posts\/597\/revisions
\/615"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/media\/600"}],"wp:attachment":[{"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/media?parent=597"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/categories?post=597"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/tags?post=597"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}