what is sql injection in sql server?
Answers were Sorted based on User's Feedback
Answer / venkat reddy.ravu
SQL injection is nothing but inserting malicious code with
the strings and later which will pass to the particular SQL
server instances which may damage the database or may
corrupt bthe data
For exaple:
var EmpName;
EmpName= Request.form ("EmpName");
var sql = "select * from Employee where EmpName= '" +
EmpName+ "'";
If you considers the above query and if user prompts to
enter the input as Scott,
Then query processed like this
select * from Employee where EmpName='Scott'
If user enters the input as below,
Scott,drop table Employee
In this case your query will be processed as below
select * from Employee where Ename='Scott',drop table emp
So,first select statement will be executed and then table
will be dropped.
Nothing but without standard of coding an expertised user
may damages or corrupt the databases.
To avoid SQL injection attacks:-
1)Use Parameterized Input with Stored Procedures
2)Use the Parameters Collection with Dynamic SQL
3)Filtering Input
4)LIKE Clauses
Is This Answer Correct ? | 2 Yes | 0 No |
Answer / pankaj kumar
SQL injection is something where an end user of an application is able to submit SQL queries through the user interface and end up running those queries, causing potential damage to the database.
Is This Answer Correct ? | 1 Yes | 0 No |
What is the difference between varchar and varchar types?
How to delete particular value in the column of a table.Is it possible or not?if possible give it as in query.
Do you know what is fill factor and pad index?
What are the steps to insert a table?
What are pessimistic lock and optimistic lock?
What is the syntax for encrypting a column in SQL Server?
What happens if you add a new index to large table?
what are different types of backups available in sql server? Given a particular scenario, how would you go about choosing a backup plan? : Sql server database administration
What is the difference between a Local temporary table and a Global temporary table? How is each one used?
How can windows applications connect to sql servers via odbc?
How do you size a resultset?
In join, which clause in not used?