Categories:
.NET (357)
C (330)
C++ (183)
CSS (84)
DBA (2)
General (7)
HTML (4)
Java (574)
JavaScript (106)
JSP (66)
Oracle (114)
Perl (46)
Perl (1)
PHP (1)
PL/SQL (1)
RSS (51)
Software QA (13)
SQL Server (1)
Windows (1)
XHTML (173)
Other Resources:
What is SQl injection
What is SQl injection ?
✍: Guest
It is a Form of attack on a database-driven Web site in which the attacker executes
unauthorized SQL commands by taking advantage of insecure code on a system connected
to the Internet, bypassing the firewall. SQL injection attacks are used to steal information
from a database from which the data would normally not be available and/or to gain
access to an organization’s host computers through the computer that is hosting the
database.
SQL injection attacks typically are easy to avoid by ensuring that a system has strong
input validation.
As name suggest we inject SQL which can be relatively dangerous for the database.
Example this is a simple SQL
SELECT email, passwd, login_id, full_name
FROM members
WHERE email = 'x'
Now somebody does not put “x” as the input but puts “x ; DROP TABLE members;”.
So the actual SQL which will execute is
SELECT email, passwd, login_id, full_name
FROM members
WHERE email = 'x' ; DROP TABLE members;
Think what will happen to your database.
2007-10-25, 5129👍, 0💬
Popular Posts:
How To Set session.gc_maxlifetime Properly? - PHP Script Tips - Understanding and Using Sessions As ...
Can include files be nested? The answer is yes. Include files can be nested any number of times. As ...
Once I have developed the COM wrapper do I have to still register the COM in registry? Yes.
What is CodeDom? “CodeDom” is an object model which represents actually a source code. It is designe...
How can I enable session tracking for JSP pages if the browser has disabled cookies? We know that se...