Golgappa.net | Golgappa.org | BagIndia.net | BodyIndia.Com | CabIndia.net | CarsBikes.net | CarsBikes.org | CashIndia.net | ConsumerIndia.net | CookingIndia.net | DataIndia.net | DealIndia.net | EmailIndia.net | FirstTablet.com | FirstTourist.com | ForsaleIndia.net | IndiaBody.Com | IndiaCab.net | IndiaCash.net | IndiaModel.net | KidForum.net | OfficeIndia.net | PaysIndia.com | RestaurantIndia.net | RestaurantsIndia.net | SaleForum.net | SellForum.net | SoldIndia.com | StarIndia.net | TomatoCab.com | TomatoCabs.com | TownIndia.com
Interested to Buy Any Domain ? << Click Here >> for more details...

  1. Categories >> Software >> Databases >> SQL Server
  2. Suggest New Category

what is sql injection in sql server?

Question Posted / venkat reddy.ravu

Answer Posted / venkat reddy.ravu

SQL injection is nothing but inserting malicious code with
the strings and later which will pass to the particular SQL
server instances which may damage the database or may
corrupt bthe data

For exaple:


var EmpName;
EmpName= Request.form ("EmpName");
var sql = "select * from Employee where EmpName= '" +
EmpName+ "'";


If you considers the above query and if user prompts to
enter the input as Scott,

Then query processed like this

select * from Employee where EmpName='Scott'

If user enters the input as below,

Scott,drop table Employee
In this case your query will be processed as below

select * from Employee where Ename='Scott',drop table emp

So,first select statement will be executed and then table
will be dropped.

Nothing but without standard of coding an expertised user
may damages or corrupt the databases.

To avoid SQL injection attacks:-
1)Use Parameterized Input with Stored Procedures
2)Use the Parameters Collection with Dynamic SQL
3)Filtering Input
4)LIKE Clauses

Is This Answer Correct ?    2 Yes 0 No



Post New Answer       View All Answers


Please Help Members By Posting Answers For Below Questions

When is the use of update_statistics command?

949

State a few properties of relational databases?

1060

How to list all dsn entries on your local machine using odbc_data_source()?

976

What are the advantages of paper records?

907

How can I check that whether automatic statistic update is enabled or not?

984

What are subquery and its properties?

979

What is a covered index?

889

what are the disadvantages of cursors? : Sql server database administration

969

Which Model uses the SET concept

929

What is sql service broker?

929

Suppose you want to implement the following relationships while designing tables. How would you do it?a.) One-to-oneb.) One-to-manyc.) Many-to-many

887

How do I install sql server?

841

What are the functions in sql server?

900

hi, how to link a text file and a .rpt file in my tables of sql server and to retrieve those records for further use. reply me as soon as possible.

2024

What is t-sql script to take database offline – take database online.

1021