What is SQL injection?

Answer Posted / reva ram sahu

SQL Injection happens when a developer accepts user input
that is directly placed into a SQL Statement and doesn't
properly filter out dangerous characters. This can allow an
attacker to not only steal data from your database, but also
modify and delete it. Certain SQL Servers such as Microsoft
SQL Server contain Stored and Extended Procedures (database
server functions). If an attacker can obtain access to these
Procedures it may be possible to compromise the entire
machine. Attackers commonly insert single quotes into a
URL's query string, or into a form's input field to test for
SQL Injection. If an attacker receives an error message like
the one below there is a good chance that the application is
vulnerable to SQL Injection.

Is This Answer Correct ?    6 Yes 1 No
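
The failure mode described in the answer above, shown as an added example that is not part of the original answer: a lookup built by string concatenation next to the same lookup using a bound parameter. It assumes Python's built-in `sqlite3` module standing in for SQL Server; the table, function names and sample rows are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)",
                     [("alice",), ("O'Brien",)])
    return conn


def find_user_concatenated(conn, name):
    # Vulnerable pattern: user input becomes part of the SQL text itself,
    # so a quote character in the input changes how the statement is parsed.
    sql = "SELECT id, name FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_user_parameterized(conn, name):
    # Hardened pattern: the statement text is fixed and the input is bound
    # as a value, so it is never parsed as SQL.
    sql = "SELECT id, name FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def probe(finder, value):
    """Run one lookup and report whether the database raised a SQL error."""
    conn = make_db()
    try:
        return ("ok", finder(conn, value))
    except sqlite3.Error as exc:
        # A database error triggered by a quote in the input is the signal
        # that input is reaching the SQL parser.
        return ("sql-error", str(exc))
    finally:
        conn.close()


if __name__ == "__main__":
    for value in ("alice", "O'Brien", "'"):
        print(repr(value))
        print("  concatenated :", probe(find_user_concatenated, value))
        print("  parameterized:", probe(find_user_parameterized, value))
```

A legitimate surname containing an apostrophe is enough to break the concatenated query, which makes it a useful regression test input when reviewing data-access code.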


