What is SQL injection?

Answer Posted / p.ramakrishna

An SQL injection attack "injects" or manipulates SQL code
by adding unexpected SQL to a query.
Many web pages take parameters from the web user and make an SQL
query to the database. Take for instance when a user logs in: the
web page takes that user name and password and makes an SQL query to
the database to check if the user has a valid name and password.
Username: ' or 1=1 ---
Password: [Empty]
This would execute the following query against the users
table:
select count(*) from users where userName='' or 1=1 --' and userPass=''

Is This Answer Correct ?    5 Yes 1 No
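
The login check described in the answer above, as an added example (not part of the original answer): the string-concatenated query next to a parameterized one, run against SQLite. The table contents, the function names and the use of Python's sqlite3 module are assumptions made for illustration.

```python
import sqlite3


def make_db():
    """Constructed in-memory users table shaped like the one in the answer."""
    db = sqlite3.connect(":memory:")
    db.execute("create table users (userName text, userPass text)")
    # Constructed sample row; plaintext password only to mirror the page's query.
    db.execute("insert into users values ('alice', 's3cret')")
    return db


def login_concatenated(db, name, password):
    """Vulnerable: user input is pasted into the SQL text and parsed as SQL."""
    sql = ("select count(*) from users where userName='" + name +
           "' and userPass='" + password + "'")
    return db.execute(sql).fetchone()[0] > 0


def login_parameterized(db, name, password):
    """Hardened: input is bound as data, so quotes and -- have no SQL meaning."""
    sql = "select count(*) from users where userName=? and userPass=?"
    return db.execute(sql, (name, password)).fetchone()[0] > 0


if __name__ == "__main__":
    db = make_db()
    injected = "' or 1=1 ---"  # the Username value quoted in the answer
    for check in (login_concatenated, login_parameterized):
        print(check.__name__,
              "valid login:", check(db, "alice", "s3cret"),
              "| injected username:", check(db, injected, ""))
    # A legitimate name containing an apostrophe breaks the concatenated
    # query with a syntax error, while the bound parameter handles it.
    try:
        login_concatenated(db, "o'brien", "x")
    except sqlite3.OperationalError as exc:
        print("concatenated query failed:", exc)
    print("parameterized o'brien:", login_parameterized(db, "o'brien", "x"))
```

An unexpected SQL syntax error on a login form, as in the apostrophe case, is a common sign that input is being concatenated into the query.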


