When inserting strings into a SQL table in ASP, what is the
risk and how can you prevent it?
Answer / nandhu
The risk, if not properly taken care of, is something
called a "SQL Injection" attack.
This means that in,
say, the Username text field on the HTML frontend or any
frontend, it is possible to type something like the following
to bypass the security mechanism and get access to the
protected area of the site or application.
Type the following in Username or Password or both and
click on the login/submit or equivalent button.
' or 'x' = 'x'
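Added example, not part of the original answer or of the site: a self-contained Python script using sqlite3 that builds the login query the way the answer describes, by concatenating the field contents into the SQL text, and beside it the parameterized form that prevents the injection. The table, the single user row and the two login functions are constructed here for illustration. The string typed into both fields is the one from the answer with its final quote dropped; with the trailing quote, the concatenated statement ends in an unterminated string literal and the database rejects it, so the shorter form is what actually exercises the flaw. In classic ASP the equivalent fix is an ADODB.Command whose CommandText uses `?` placeholders, with one CreateParameter per value, instead of building the statement with `&`.

```python
import sqlite3

# Constructed in-memory user table standing in for the site's real login table.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def build_concatenated_sql(username, password):
    """The statement the vulnerable page sends: field contents are pasted
    into the SQL text, so a quote in the input changes the query structure."""
    return ("SELECT username FROM users WHERE username = '" + username
            + "' AND password = '" + password + "'")


def login_concatenated(conn, username, password):
    """Vulnerable login check: returns the rows the concatenated query matches."""
    return conn.execute(build_concatenated_sql(username, password)).fetchall()


def login_parameterized(conn, username, password):
    """Hardened login check: the SQL text is fixed and the values travel as
    bound parameters, so the input is only ever compared as data."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


# The answer's string minus its final quote, typed into both fields.
PAYLOAD = "' or 'x' = 'x"


def demo():
    """Run both checks with a real credential, a wrong one and the payload."""
    conn = make_db()
    results = {
        "concat_valid": login_concatenated(conn, "alice", "correct horse"),
        "concat_wrong": login_concatenated(conn, "alice", "wrong"),
        "concat_payload": login_concatenated(conn, PAYLOAD, PAYLOAD),
        "param_valid": login_parameterized(conn, "alice", "correct horse"),
        "param_payload": login_parameterized(conn, PAYLOAD, PAYLOAD),
    }
    conn.close()
    return results


if __name__ == "__main__":
    print("query sent by the vulnerable page:")
    print("  " + build_concatenated_sql(PAYLOAD, PAYLOAD))
    for name, rows in demo().items():
        print(f"{name:15s} -> {rows}")
```

The concatenated query becomes `username = '' or 'x' = 'x' AND password = '' or 'x' = 'x'`, which SQL groups as `username = '' OR ('x' = 'x' AND password = '') OR 'x' = 'x'`; the last term is always true, so every row matches and the login succeeds without a password. The parameterized version compares the literal thirteen-character string against the stored values and matches nothing.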
If you have a reservation for a train and you get a number, suppose 1234xxx, after successfully entering all required fields, now you put that number in search and want to check whether these are the same or not; if both are the same then it's okay, otherwise the test fails. What would be the VBScript code to compare these two values from different pages?
How to pass the parameter from one function to another function in VB Scripting?
What is the difference between QTP 8.2, QTP 9.0 and QTP 9.1? Please give me the answer ASAP.
i have a problem with this error(this error related edit and delete button,when i click this button in datagrid..i will get this error)"Invalid postback or callback argument. Event validation is enabled using <pages enableEventValidation="true"/> in configuration or <%@ Page EnableEventValidation="true" %> in a page. For security purposes, this feature verifies that arguments to postback or callback events originate from the server control that originally rendered them. If the data is valid and expected, use the ClientScriptManager.RegisterForEventValidation method in order to register the postback or callback data for validation." this is my code : <%@ Page Language="VB" Debug="false" %> <%@ import Namespace="Sytem.Data" %> <%@ import Namespace="System.Data.OleDB" %> <script runat="server"> Sub Page_Load(Src As Object, E As EventArgs) Dim ds As new System.Data.Dataset Dim dbconnection as System.Data.OleDb.OleDbConnection try Dim WhereIsTheDatabase as String = System.Web.HttpContext.Current.Server.mappath("./LeaveDB.mdb") Dim dbstr as String= "Provider=Microsoft.Jet.OLEDB.4.0; Data Source="&WhereIsTheDatabase &";User ID=admin ;Password=" dbconnection=New System.Data.OleDb.OleDbConnection(dbstr) Dim dbcommand As New System.Data.OleDb.OleDbCommand Dim da As New System.Data.OleDb.OleDbDataAdapter dbconnection.Open() dbcommand.CommandText="SELECT * FROM Leave Order By Leave_ID" dbcommand.Connection=dbconnection da.SelectCommand=dbcommand da.Fill(ds) Catch Ex as Exception throw new Exception("Error detection" &Ex.Message) finally dbconnection.Close() End Try dtgridLeaveList.DataSource=ds dtgridLeaveList.DataBind() if ds.Tables.count > 0 then Dim dt as System.Data.DataTable = ds.Tables(0) dtgridLeaveList.DataBind() else MyJSLabel.text = "<script>window.alert('No Record in the Access file.')</"&"script>" End if End Sub Sub UpdateList(Byval Source As Object,Byval e as DataGridCommandEventArgs) If e.CommandName="Edit" Then Dim LeaveID as 
Integer=CInt(val(CType(e.Item.FindControl("lblLeaveID"), Label).Text)) Dim DateApplied As String=CType(e.Item.FindControl("lblDateApplied"), Label).Text Dim ICNO as String = CType(e.Item.FindControl("lblICNO"), Label).Text Dim DaysMax as Integer= CInt(val(CType(e.Item.FindControl("lblDaysMax"), Label).Text)) Dim LeaveStart As Date=CDate(CType(e.Item.FindControl("lblLeaveStart"), Label).Text) Dim LeaveEnd As Date= CDate(CType(e.Item.FindControl("lblLeaveEnd"), Label).Text) Dim TypeofLeave As String=CType(e.Item.FindControl("lblTypeOfLeave"), Label).Text Dim Reason As String=Ctype(e.Item.FindControl("lblReason"), Label).Text Dim NoOfDays as Integer=CInt(val(CType(e.Item.FindControl("lblNoOfDays"), Label).Text)) Dim BalanceAnnualLeaveCF as String=CType(e.Item.FindControl("lblBalanceAnnualLeaveCF"), Label).Text Dim BalanceAnnualLeaveBF as Integer=CInt(val(CType(e.Item.FindControl("lblBalanceAnnualLeaveBF"), Label).Text)) Dim AnnualLeaveEntitle As Integer= CInt(val(CType(e.Item.FindControl("lblAnnualLeaveEntitle"), Label).Text)) Dim TotalAnnualLeave as Integer=CInt(val(CType(e.Item.FindControl("lblTotalAnnualLeave"), Label).Text)) Dim LessAnnualLeaveTaken as Integer=CInt(val(CType(e.Item.FindControl("lblLessAnnualLeaveTaken"), Label).Text)) Dim BalanceAnnualLeave as Integer=CInt(val(CType(e.Item.FindControl("lblBalanceAnnualLeave"), Label).Text)) Dim str as String="LeaveID=" &LeaveID.ToString &"&DateApplied=" &DateApplied &"&ICNO=" &ICNO &"&DaysMax=" &DaysMax &"&LeaveStart=" &LeaveStart & "&LeaveEnd=" &LeaveEnd & "&TypeofLeave=" &TypeofLeave & "&Reason=" &Reason & "&NoOfDays=" &NoOfDays & "&BalanceAnnualLeaveCF=" &BalanceAnnualLeaveCF & "&BalanceAnnualLeaveBF=" &BalanceAnnualLeaveBF & "&AnnualLeaveEntitle=" &AnnualLeaveEntitle & "&TotalAnnualLeave=" &TotalAnnualLeave & "&LessAnnualLeaveTaken=" &LessAnnualLeaveTaken & "&BalanceAnnualLeave=" &BalanceAnnualLeave Response.Redirect("Leave Info.aspx?" 
&str) End If End Sub Sub OnDelete(Byval sender as Object, Byval e as DataGridCommandEventArgs) If e.CommandName="Delete" Then Dim ds As new System.Data.Dataset Dim dbconnection as System.Data.OleDb.OleDbConnection Dim WhereIsTheDatabase as String = System.Web.HttpContext.Current.Server.mappath("./LeaveDB.mdb") Dim dbstr as String= "Provider=Microsoft.Jet.OLEDB.4.0; Data Source="&WhereIsTheDatabase &";User ID=admin ;Password=" dbconnection=New System.Data.OleDb.OleDbConnection(dbstr) Dim dbcommand As New System.Data.OleDb.OleDbCommand Dim da As New System.Data.OleDb.OleDbDataAdapter dbconnection.Open() dbCommand.CommandText="DELETE FROM Leave WHERE Leave_ID=" &e.Item.Cells(1).Text dbCommand.ExecuteNonQuery dbcommand.CommandText="SELECT * FROM Leave Order By Leave_ID" dbcommand.Connection=dbconnection da.SelectCommand=dbcommand da.Fill(ds) dbconnection.Close() dtgridLeaveList.DataSource=ds dtgridLeaveList.DataBind() End If End Sub </script> <html> <head> </head> <body> <form runat="server"> <font face="Arial Narrow" size="4">(Search Based On Staff I.C No)</font> <font face="Arial Narrow"></font> <font face="Arial Narrow><font size="4">IC.No</font> </font> <asp:TextBox id="TextBox1" runat="server" Width="264px"></asp:TextBox> <font face="Arial Narrow"> </font> <asp:Button id="Button1" runat="server" Text="Search"></asp:Button> (XXXXXX-XX-XXXX) <font face="Arial Narrow"> </font> <asp:DataGrid id="dtgridLeaveList" runat="server" OnEditCommand="UpdateList" OnDeleteCommand="OnDelete" AutoGenerateColumns="False" Font-Size="Medium" Font-Names="Arial Narrow"> <SelectedItemStyle backcolor="Blue" font-bold="False" font-italic="False" font-overline="False" font-strikeout="False" font-underline="False"></SelectedItemStyle> <Columns> <asp:TemplateColumn HeaderText="Leave ID" Visible="False"> <ItemTemplate> <asp:Label id="lblLeaveID" text='<%# DataBinder.Eval(Container.DataItem,"Leave_ID") %>' runat="server"></asp:Label> </ItemTemplate> </asp:TemplateColumn> <asp:TemplateColumn 
HeaderText="Date Applied"> <ItemTemplate> <asp:Label id="lblDateApplied" text='<%#DataBinder.Eval(Container.DataItem,"DateLeaveApplied") %>' runat="server"></asp:Label> </ItemTemplate> <HeaderStyle backcolor="White" font-bold="False" font-italic="False" font-overline="False" font-strikeout="False" font-underline="False"></HeaderStyle> <ItemStyle backcolor="White" font-bold="False" font-italic="False" font-overline="False" font-strikeout="False" font-underline="False"></ItemStyle> </asp:TemplateColumn> <asp:TemplateColumn HeaderText="I.C No"> <ItemTemplate> <asp:Label id="lblICNO" text='<%# DataBinder.Eval(Container.DataItem,"ICNo") %>' runat="server"></asp:Label> </ItemTemplate> </asp:TemplateColumn> <asp:TemplateColumn HeaderText="Days Max"> <ItemTemplate> <asp:Label id="lblDaysMax" text='<%# DataBinder.Eval(Container.DataItem,"AnnualLeaveEntitle") %>' runat="server"></asp:Label> </ItemTemplate> </asp:TemplateColumn> <asp:TemplateColumn HeaderText="Leave Start"> <ItemTemplate> <asp:Label id="lblLeaveStart" text='<%# DataBinder.Eval(Container.DataItem,"Leave_Start") %>' runat="server"></asp:Label> </ItemTemplate> </asp:TemplateColumn> <asp:TemplateColumn HeaderText="Leave End"> <ItemTemplate> <asp:Label id="lblLeaveEnd" text='<%# DataBinder.Eval(Container.DataItem,"Leave_End") %>' runat="server"></asp:Label> </ItemTemplate> </asp:TemplateColumn> <asp:TemplateColumn HeaderText="Type of Leave"> <ItemTemplate> <asp:Label id="lblTypeOfLeave" text='<%# DataBinder.Eval(Container.DataItem,"TypeOfLeave") %>' runat="server"></asp:Label> </ItemTemplate> </asp:TemplateColumn> <asp:TemplateColumn HeaderText="Reason"> <ItemTemplate> <asp:Label id="lblReason" text='<%# DataBinder.Eval(Container.DataItem,"Reason") %>' runat="server"></asp:Label> </ItemTemplate> </asp:TemplateColumn> <asp:TemplateColumn HeaderText="No of Days"> <ItemTemplate> <asp:Label id="lblNoOfDays" text='<%# DataBinder.Eval(Container.DataItem,"NoOfDays") %>' runat="server"></asp:Label> </ItemTemplate> 
</asp:TemplateColumn> <asp:TemplateColumn HeaderText="Balance Annual Leave C/F"> <ItemTemplate> <asp:Label id="lblBalanceAnnualLeaveCF" text='<%# DataBinder.Eval(Container.DataItem,"Remarks") %>' runat="server"></asp:Label> </ItemTemplate> <HeaderStyle backcolor="LightGray" font-bold="False" font-italic="False" font-overline="False" font-strikeout="False" font-underline="False"></HeaderStyle> <ItemStyle backcolor="Yellow" font-bold="False" font-italic="False" font-overline="False" font-strikeout="False" font-underline="False"></ItemStyle> </asp:TemplateColumn> <asp:TemplateColumn HeaderText="Balance Annual Leave B/F"> <ItemTemplate> <asp:Label id="lblBalanceAnnualLeaveBF" text='<%# DataBinder.Eval(Container.DataItem,"BalanceAnnualLeaveBF") %>' runat="server"></asp:Label> </ItemTemplate> <HeaderStyle backcolor="LightGray" font-bold="False" font-italic="False" font-overline="False" font-strikeout="False" font-underline="False"></HeaderStyle> <ItemStyle backcolor="Yellow" font-bold="False" font-italic="False" font-overline="False" font-strikeout="False" font-underline="False"></ItemStyle> </asp:TemplateColumn> <asp:TemplateColumn HeaderText="Annual Leave Entitle"> <ItemTemplate> <asp:Label id="lblAnnualLeaveEntitle" text='<%# DataBinder.Eval(Container.DataItem,"AnnualLeaveEntitle") %>' runat="server"></asp:Label> </ItemTemplate> <HeaderStyle backcolor="LightGray" font-bold="False" font-italic="False" font-overline="False" font-strikeout="False" font-underline="False"></HeaderStyle> <ItemStyle backcolor="Yellow" font-bold="False" font-italic="False" font-overline="False" font-strikeout="False" font-underline="False"></ItemStyle> </asp:TemplateColumn> <asp:TemplateColumn HeaderText="Total Annual Leave"> <ItemTemplate> <asp:Label id="lblTotalAnnualLeave" text='<%# DataBinder.Eval(Container.DataItem,"TotalAnnualLeave") %>' runat="server"></asp:Label> </ItemTemplate> </asp:TemplateColumn> <asp:TemplateColumn HeaderText="Less Annual Leave Taken"> <ItemTemplate> <asp:Label 
id="lblLessAnnualLeaveTaken" text='<%# DataBinder.Eval(Container.DataItem,"LessAnnualTaken") %>' runat="server"></asp:Label> </ItemTemplate> </asp:TemplateColumn> <asp:TemplateColumn HeaderText="Balance Annual Leave"> <ItemTemplate> <asp:Label id="lblBalanceAnnualLeave" text='<%# DataBinder.Eval(Container.DataItem,"BalanceAnnualLeave") %>' runat="server"></asp:Label> </ItemTemplate> </asp:TemplateColumn> <asp:ButtonColumn ButtonType="PushButton" CommandName="Edit" Text="Edit" HeaderText="Update"></asp:ButtonColumn> <asp:ButtonColumn ButtonType="PushButton" CommandName="Delete" Text="Delete" HeaderText="Remove Record"></asp:ButtonColumn> </Columns> </asp:DataGrid> <font face="Arial Narrow"></font> <font face="Arial Narrow"><font size="4">Total Leave Taken : <asp:TextBox id="txtTotalLeaveTaken" runat="server" Width="35px"></asp:TextBox> Days<asp:Button id="Button3" runat="server" Text="Calculate"></asp:Button> </font></font> <font face="Arial Narrow"> <asp:Button id="Button4" runat="server" Width="82px" Text="Back" Height="26px"></asp:Button> </font><asp:Label id="MyJSLabel" runat="server"></asp:Label> </form> </body> </html>
Explain filter expressions.
What are the rules to name variable in vbscript?
How to copy from one script to another script in QTP?
What is the event handling in vbscript?
How can I access an object in another frame?
What is difference between Active screen and movie screen recorder in QTP 9.2?
What are the naming conventions while declaring a variable in the vbscript language?
Can anybody tell me the VBScript code for alphanumeric and special characters, which is used in QTP for the name text field?