Golgappa.net | Golgappa.org | BagIndia.net | BodyIndia.Com | CabIndia.net | CarsBikes.net | CarsBikes.org | CashIndia.net | ConsumerIndia.net | CookingIndia.net | DataIndia.net | DealIndia.net | EmailIndia.net | FirstTablet.com | FirstTourist.com | ForsaleIndia.net | IndiaBody.Com | IndiaCab.net | IndiaCash.net | IndiaModel.net | KidForum.net | OfficeIndia.net | PaysIndia.com | RestaurantIndia.net | RestaurantsIndia.net | SaleForum.net | SellForum.net | SoldIndia.com | StarIndia.net | TomatoCab.com | TomatoCabs.com | TownIndia.com
Interested to Buy Any Domain ? << Click Here >> for more details...

  1. Categories >> Software >> Databases >> SQL Server
  2. Suggest New Category

what is sql injection in sql server?

Question Posted / manojpatil27@gmail.com

Answers were Sorted based on User's Feedback



what is sql injection in sql server?..

Answer / venkat reddy.ravu

SQL injection is nothing but inserting malicious code with
the strings and later which will pass to the particular SQL
server instances which may damage the database or may
corrupt bthe data

For exaple:


var EmpName;
EmpName= Request.form ("EmpName");
var sql = "select * from Employee where EmpName= '" +
EmpName+ "'";


If you considers the above query and if user prompts to
enter the input as Scott,

Then query processed like this

select * from Employee where EmpName='Scott'

If user enters the input as below,

Scott,drop table Employee
In this case your query will be processed as below

select * from Employee where Ename='Scott',drop table emp

So,first select statement will be executed and then table
will be dropped.

Nothing but without standard of coding an expertised user
may damages or corrupt the databases.

To avoid SQL injection attacks:-
1)Use Parameterized Input with Stored Procedures
2)Use the Parameters Collection with Dynamic SQL
3)Filtering Input
4)LIKE Clauses

Is This Answer Correct ?    2 Yes 0 No

what is sql injection in sql server?..

Answer / pankaj kumar

SQL injection is something where an end user of an application is able to submit SQL queries through the user interface and end up running those queries, causing potential damage to the database.

Is This Answer Correct ?    1 Yes 0 No

Post New Answer

More SQL Server Interview Questions

If any possiable to use 2 primary key in single table? How many primary key & foreign key used in each table(min & max)?

3 Answers  

What do you understand by hotfixes and patches in sql server?

0 Answers  

What is indexing in sql server with example?

0 Answers  

How to Install SQL SERVER 2005 remotely?

1 Answers   IBM,

there is a trigger defined for insert operations on a table, in an oltp system. The trigger is written to instantiate a com object and pass the newly inserted rows to it for some custom processing. What do you think of this implementation? Can this be implemented better? : Sql server database administration

0 Answers  

How do I list the available tables in a database I'm querying?

4 Answers  

What is Peer to peer Replication?

1 Answers   CarrizalSoft Technologies, HCL,

Hi, I have a table A which has four rows as follows Table A ------- empname salary ------- ------ A 1000 B 2000 C 3000 A 1000 B 2000 D 5000 I need the following output: empname salary ------- ------ A 1000 A 1000 B 2000 B 2000 Thanks in advance

10 Answers   IBM,

Do you have any idea about the tcl commands?

0 Answers  

How will u test the stroded procedures and functions? difference between SP and Triggers

2 Answers   TCS,

What are the parts of a function?

0 Answers  

What is the difference between MVC and Teir Architecher? Plz explain with Layyered Programming example...? Thanks

0 Answers   TCS,

For more SQL Server Interview Questions Click Here
Categories