Answer Posted / venkat reddy.ravu
SQL injection is nothing but inserting malicious code into strings which are later passed to a particular SQL Server instance, which may damage the database or corrupt the data.
For example:
var EmpName;
EmpName = Request.Form("EmpName");
var sql = "select * from Employee where EmpName='" + EmpName + "'";
If you consider the above query and the user enters the input as Scott, then the query is processed like this:
select * from Employee where EmpName='Scott'
If the user enters the input as below,
Scott,drop table Employee
In this case your query will be processed as below:
select * from Employee where EmpName='Scott',drop table Employee
So, first the select statement will be executed and then the table will be dropped.
In short, without coding standards an expert user may damage or corrupt the databases.
To avoid SQL injection attacks:
1) Use parameterized input with stored procedures
2) Use the Parameters collection with dynamic SQL
3) Filter input
4) Take care with LIKE clauses
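As an added illustration of points 1 and 2 above (example code written for this page, not part of the original answer), the following Python script builds a constructed in-memory SQLite Employee table and runs the same lookup two ways: the string concatenation used in the answer's snippet, and a parameterized query. A legitimate name containing an apostrophe (O'Brien) is enough to show the difference: the concatenated query breaks because the quote terminates the string literal, which is exactly the mechanism injection relies on, while the parameterized query stays correct because the value is never interpreted as SQL text.

```python
import sqlite3


def make_db():
    """Create a constructed in-memory Employee table (sample rows, not from the page)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE Employee (EmpName TEXT, Dept TEXT)")
    con.executemany("INSERT INTO Employee VALUES (?, ?)",
                    [("Scott", "Sales"), ("O'Brien", "IT")])
    con.commit()
    return con


def find_concat(con, emp_name):
    """Mirrors the answer's snippet: user input is glued into the SQL string."""
    sql = "SELECT * FROM Employee WHERE EmpName = '" + emp_name + "'"
    return con.execute(sql).fetchall()


def find_param(con, emp_name):
    """Parameterized form: the value travels separately and is never parsed as SQL."""
    sql = "SELECT * FROM Employee WHERE EmpName = ?"
    return con.execute(sql, (emp_name,)).fetchall()


def compare(emp_name):
    """Run both variants on a fresh table.

    Returns a dict mapping 'concat' and 'param' to ('ok', rows)
    or ('error', message) so the two behaviours can be compared side by side.
    """
    con = make_db()
    result = {}
    for label, fn in (("concat", find_concat), ("param", find_param)):
        try:
            result[label] = ("ok", fn(con, emp_name))
        except sqlite3.Error as exc:
            # The concatenated query reaches this branch for any input
            # containing a quote; the parameterized query never does.
            result[label] = ("error", str(exc))
    con.close()
    return result


if __name__ == "__main__":
    for name in ("Scott", "O'Brien"):
        print(name, compare(name))
```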