What is SQL injection?

Answer Posted / srikant dwibedi

SQL Injection is the process of passing SQL code into an
application in a way that was not intended by the
application developer, or it is a strategy for attacking
databases.

Example
An ASP page asks the user for a name and a password.
SELECT * FROM users WHERE username="whatever" AND
password="mypassword".
It seems safe, but it is not. A user might enter something
like this: 'OR 1>0....
When this is plugged into the SQL statements, the result
looks like this:
SELECT * FROM users WHERE username="OR 1>0 " AND
password=" ";
This injection comments out the password portion of the
statement. It results in a list of all the names in the
users table. So any user could get into your system.

Is This Answer Correct ?    3 Yes 2 No


