Categories:
.NET (357)
C (330)
C++ (183)
CSS (84)
DBA (2)
General (7)
HTML (4)
Java (574)
JavaScript (106)
JSP (66)
Oracle (114)
Perl (46)
Perl (1)
PHP (1)
PL/SQL (1)
RSS (51)
Software QA (13)
SQL Server (1)
Windows (1)
XHTML (173)
Other Resources:
What is SQl injection
What is SQl injection ?
✍: Guest
It is a Form of attack on a database-driven Web site in which the attacker executes
unauthorized SQL commands by taking advantage of insecure code on a system connected
to the Internet, bypassing the firewall. SQL injection attacks are used to steal information
from a database from which the data would normally not be available and/or to gain
access to an organization’s host computers through the computer that is hosting the
database.
SQL injection attacks typically are easy to avoid by ensuring that a system has strong
input validation.
As name suggest we inject SQL which can be relatively dangerous for the database.
Example this is a simple SQL
SELECT email, passwd, login_id, full_name
FROM members
WHERE email = 'x'
Now somebody does not put “x” as the input but puts “x ; DROP TABLE members;”.
So the actual SQL which will execute is
SELECT email, passwd, login_id, full_name
FROM members
WHERE email = 'x' ; DROP TABLE members;
Think what will happen to your database.
2007-10-25, 5244👍, 0💬
Popular Posts:
How do we access attributes using “XmlReader”? Below snippets shows the way to access attributes. Fi...
What is the purpose of finalization? The purpose of finalization is to give an unreachable object th...
Is XHTML Element Name Case Sensitive? - XHTML Tutorials - Introduction To Tag and Attribute Syntax Y...
How to create arrays in JavaScript? We can declare an array like this var scripts = new Array(); We ...
.NET INTERVIEW QUESTIONS - What is Suspend and Resume in Threading ? It is Similar to Sleep and Inte...