Websites can still be hacked using SQL injection – Tom explains how sites written in PHP (and other languages too) can be vulnerable and have basic security issues.

More from Tom Scott: and

Follow the Cookie Trail:
CERN Computing Centre & Mouse Farm:

This video was filmed and edited by Sean Riley.

Computerphile is a sister project to Brady Haran’s Numberphile. See the full list of Brady’s video projects at:


  1. Me and my friend always joked about naming a kid "DropTable" in our IS SQL intro course.
    But I guess now I realized it should be something along the lines of: Frank";Droptable

  2. i am dot net developer , but i know lettle php i think php developers uses PDO which they can avoid the injection i use entity framework that's helps me to avoid injection

  3. That's… ridiculous. How was (is?) a such thing even possible?, it's beyond dumb.
    Found this video looking for info on how hacking works. It's beyond my understanding why operating system, gadgets, networks can't be hacker safe.


Please enter your comment!
Please enter your name here