= inferential SQL injection

olemus
SQL-süst, mida ründaja kasutab siis, kui ta ei saa näha tulemusi otseselt: ta saadab küsimusi loogikaavaldistena, mille tõesust ta hindab kaudselt, sihtmärgi käitumise muutumise järgi
= a type of SQL injection where the attacker does not receive an obvious response from the attacked database and instead reconstructs the database structure step-by-step by observing the behavior of the database server and the application

ülevaateid
https://en.wikipedia.org/wiki/SQL_injection#Blind_SQL_injection
https://www.owasp.org/index.php/Blind_SQL_Injection
https://www.cisecurity.org/wp-content/uploads/2017/05/SQL-Injection-White-Paper2.pdf
https://www.wordfence.com/learn/how-to-prevent-sql-injection-attacks/

tõrje
https://blogs.msdn.microsoft.com/brian_swan/2010/03/04/whats-the-right-way-to-prevent-sql-injection-in-php-scripts/
http://blog.scottlogic.com/2016/02/11/SQL-injection.html
http://file.scirp.org/pdf/JCC_2014060414023519.pdf