What is SQL injection?

Answer Posted / reva ram sahu

SQL Injection happens when a developer accepts user input
that is directly placed into a SQL Statement and doesn't
properly filter out dangerous characters. This can allow an
attacker to not only steal data from your database, but also
modify and delete it. Certain SQL Servers such as Microsoft
SQL Server contain Stored and Extended Procedures (database
server functions). If an attacker can obtain access to these
Procedures it may be possible to compromise the entire
machine. Attackers commonly insert single quotes into a
URL's query string, or into a form's input field to test for
SQL Injection. If an attacker receives an error message like
the one below there is a good chance that the application is
vulnerable to SQL Injection.

Is This Answer Correct ?    6 Yes 1 No


