Golgappa.net | Golgappa.org | BagIndia.net | BodyIndia.Com | CabIndia.net | CarsBikes.net | CarsBikes.org | CashIndia.net | ConsumerIndia.net | CookingIndia.net | DataIndia.net | DealIndia.net | EmailIndia.net | FirstTablet.com | FirstTourist.com | ForsaleIndia.net | IndiaBody.Com | IndiaCab.net | IndiaCash.net | IndiaModel.net | KidForum.net | OfficeIndia.net | PaysIndia.com | RestaurantIndia.net | RestaurantsIndia.net | SaleForum.net | SellForum.net | SoldIndia.com | StarIndia.net | TomatoCab.com | TomatoCabs.com | TownIndia.com
Interested to Buy Any Domain ? << Click Here >> for more details...

  1. Categories >> Software >> Databases >> SQL Server
  2. Suggest New Category

1.Describe way(s) to tune the SQL table in order to
optimize performance.

2. Explain SQL Injection and how can you prevent them?

Question Posted / raghu_113


1.Describe way(s) to tune the SQL table in order to optimize performance. 2. Explain SQL Inject..

Answer / jerry joseph

1. identify and create optimal indexes for your tables

every table should have at least a clustered index

Indexes should be considered on all columns that are
frequently accessed by the WHERE, ORDER BY, GROUP BY, TOP,
and DISTINCT clauses

Static tables can be more heavily indexed that dynamic tables

2. An SQL Injection attack is a form of attack that comes
from user input that has not been checked to see that it is
valid. The objective is to fool the database system into
running malicious code that will reveal sensitive
information or otherwise compromise the server.

Example:
StrSQL = "SELECT * from Users WHERE username = '" +
txtUserName.Text + "' AND password = '" + txtPassword.Text +
"'";
if txtUserName is entered as "admin' OR 1 = 1;--" the query
becomes
"SELECT * from Users WHERE username = 'admin' OR 1 = 1;--'
AND password = '" + txtPassword.Text + "'"
user logs in as admin

Prevention :
Use Parameterized Queries or Stored Procedures to prevent
SQL Injection.

Is This Answer Correct ?    0 Yes 0 No

Post New Answer

More SQL Server Interview Questions

what is hash nonclustered index

0 Answers  

Can you create a logon trigger in sql server 2005 express edition?

0 Answers  

What is the tcp/ip port on which sql server runs?

0 Answers  

Are semicolons required at the end of sql statements in sql server 2005?

0 Answers  

What is the maximum size of column in sql server?

0 Answers  

How to delete all rows with truncate table statement in ms sql server?

0 Answers  

What is the purpose of using COLLATE in a query?

1 Answers  

What is read uncmmited?

0 Answers  

what is normalization? : Sql server database administration

0 Answers  

What is BCNF? How is it better than 2NF & 3NF?

0 Answers   Essar,

What is a Stored Procedure?

8 Answers  

MULTICAST DELEGATES IN C#.NET WITH REAL TIME EXAMPLE

2 Answers   IBM, TCS,

For more SQL Server Interview Questions Click Here
Categories