Answer Posted / srikant dwibedi
SQL Injection is the process of passing SQL code into an
application in a way that was not intended by the
application developer, or it is a strategy for attacking
databases.
Example
An ASP page asks the user for a name and a password.
SELECT * FROM users WHERE username="whatever" AND
password="mypassword".
It seems safe, but it is not. A user might enter something
like this 'OR 1>0....
When this is plugged into the SQL statements the result
looks like this:
SELECT * FROM users WHERE username="OR 1>0 " AND
password=" ";
This injection comments out the password portion of the
statement. It results in a list of all the names in the
users table. So any user could get into your system.
| Is This Answer Correct ? | 3 Yes | 2 No |
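
The login query described in the answer above, as an added example that is not part of the original post: it runs the string-built query beside a parameterized one against an in-memory SQLite database. The table layout, sample accounts and the input string are constructed for the demonstration; in ADO.NET the same fix is to bind values through command parameters instead of concatenating them.

```python
import sqlite3

# Constructed input in the spirit of the answer's "'OR 1>0": closes the
# username literal, adds an always-true condition, comments out the rest.
TAUTOLOGY = "' OR 1>0 --"


def make_db():
    """Build a throwaway users table (schema and accounts are assumptions)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    # Plaintext passwords mirror the answer's query; real systems store
    # salted password hashes and compare those instead.
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "wonderland"), ("bob", "builder")])
    return db


def login_concatenated(db, username, password):
    """Vulnerable 'before': user input becomes part of the SQL text."""
    sql = ("SELECT username FROM users WHERE username='" + username +
           "' AND password='" + password + "'")
    return [row[0] for row in db.execute(sql)]


def login_parameterized(db, username, password):
    """Hardened 'after': input is bound as data and never parsed as SQL."""
    sql = "SELECT username FROM users WHERE username=? AND password=?"
    return [row[0] for row in db.execute(sql, (username, password))]


if __name__ == "__main__":
    db = make_db()
    for name, fn in (("concatenated", login_concatenated),
                     ("parameterized", login_parameterized)):
        print(name, "valid login ->", fn(db, "alice", "wonderland"))
        print(name, "tautology   ->", sorted(fn(db, TAUTOLOGY, "")))
```

With the concatenated query the constructed input matches every row; with bound parameters the same string is only compared against the username column and matches nothing.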