Answer Posted / venkat reddy.ravu
SQL injection is nothing but inserting malicious code with
the strings and later which will pass to the particular SQL
server instances which may damage the database or may
corrupt bthe data
For exaple:
var EmpName;
EmpName= Request.form ("EmpName");
var sql = "select * from Employee where EmpName= '" +
EmpName+ "'";
If you considers the above query and if user prompts to
enter the input as Scott,
Then query processed like this
select * from Employee where EmpName='Scott'
If user enters the input as below,
Scott,drop table Employee
In this case your query will be processed as below
select * from Employee where Ename='Scott',drop table emp
So,first select statement will be executed and then table
will be dropped.
Nothing but without standard of coding an expertised user
may damages or corrupt the databases.
To avoid SQL injection attacks:-
1)Use Parameterized Input with Stored Procedures
2)Use the Parameters Collection with Dynamic SQL
3)Filtering Input
4)LIKE Clauses
Is This Answer Correct ? | 2 Yes | 0 No |
Post New Answer View All Answers
Can you edit the .rdl code associated with a linked report?
Is there any difference between primary key and unique with the not null condition?
How to create an identity column?
How to list all stored procedures in the current database using ms sql server?
What is exclusive locks?
What are the 3 types of schema?
How to assign new column names in a view?
What is identity?
What is nonclustered index with included columns ?
Name and describe few console utilities for ssrs?
How to check parameter value in stored procedure sql server?
Explain indexed views?
Why the trigger fires multiple times in single login?
how you can list all the tables in a database?
What is purpose of normalization?