What is SQL Injection?

Answer Posted / srikant dwibedi

SQL Injection is the process of passing SQL code into an
application in a way that was not intended by the
application developer, or it is a strategy for attacking
databases.

Example
An ASP page asks the user for a name and a password.
SELECT * FROM users WHERE username="whatever" AND
password="mypassword".
It seems safe, but it is not. A user might enter something
like this 'OR 1>0....
When this is plugged into the SQL statement the result
looks like this:
SELECT * FROM users WHERE username="OR 1>0 " AND
password=" ";
This injection comments out the password portion of the
statement. It results in a list of all the names in the
users table. So any user could get into your system.

Is This Answer Correct ?    3 Yes 2 No


