What is SQL Injection?

Answer Posted / srikant dwibedi

SQL Injection is the process of passing SQL code into an
application in a way that was not intended by the
application developer, or it is a strategy for attacking
databases.

Example
An ASP page asks the user for a name and a password.
SELECT * FROM users WHERE username="whatever" AND
password="mypassword".
It seems safe, but it is not. A user might enter something
like this 'OR 1>0....
When this is plugged into the SQL statement the result
looks like this:
SELECT * FROM users WHERE username="OR 1>0 " AND
password=" ";
This injection comments out the password portion of the
statement. It results in a list of all the names in the
users table. So any user could get into your system.

Is This Answer Correct ?    3 Yes 2 No


