Question
1. Describe way(s) to tune the SQL table in order to optimize performance.

2. Explain SQL Injection and how can you prevent them?
Question Submitted By :: Raghu_113
Answer
# 1
1. Identify and create optimal indexes for your tables.

Every table should have at least a clustered index.

Indexes should be considered on all columns that are
frequently accessed by the WHERE, ORDER BY, GROUP BY, TOP,
and DISTINCT clauses.

Static tables can be more heavily indexed than dynamic tables.

2. An SQL Injection attack is a form of attack that comes
from user input that has not been checked to see that it is
valid. The objective is to fool the database system into
running malicious code that will reveal sensitive
information or otherwise compromise the server.

Example:
StrSQL = "SELECT * from Users WHERE username = '" + txtUserName.Text + "' AND password = '" + txtPassword.Text + "'";

If txtUserName is entered as "admin' OR 1 = 1;--", the query
becomes

"SELECT * from Users WHERE username = 'admin' OR 1 = 1;--' AND password = '" + txtPassword.Text + "'"

and the user logs in as admin.

Prevention:
Use Parameterized Queries or Stored Procedures to prevent
SQL Injection.
 
Jerry Joseph
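
The login query from the answer above, built by concatenation and then with parameters, as an added example that is not part of the original answer. It uses Python's sqlite3 with an in-memory database as a stand-in for SQL Server; the table contents and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Constructed in-memory Users table shaped like the one in the answer.
    Plaintext passwords appear only to mirror the answer's query."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (username TEXT, password TEXT)")
    db.executemany(
        "INSERT INTO Users VALUES (?, ?)",
        [("admin", "constructed-admin-pw"), ("alice", "constructed-alice-pw")],
    )
    return db


def build_concatenated(username, password):
    """Vulnerable: user input becomes part of the SQL text itself."""
    return ("SELECT * from Users WHERE username = '" + username +
            "' AND password = '" + password + "'")


def login_concatenated(db, username, password):
    """Returns True when the concatenated query yields at least one row."""
    return db.execute(build_concatenated(username, password)).fetchone() is not None


def login_parameterized(db, username, password):
    """Hardened: the SQL text is fixed; inputs are bound as values only."""
    row = db.execute(
        "SELECT * from Users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


def demo():
    """Runs the answer's input through both login paths."""
    db = make_db()
    crafted = "admin' OR 1 = 1;--"  # the input quoted in the answer
    return {
        "concatenated_accepts_crafted": login_concatenated(db, crafted, "wrong"),
        "parameterized_accepts_crafted": login_parameterized(db, crafted, "wrong"),
        "parameterized_accepts_valid": login_parameterized(
            db, "admin", "constructed-admin-pw"),
    }


if __name__ == "__main__":
    print(demo())
```

With bound parameters the crafted string is compared as a literal username, so no row matches and the login fails.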
 

 
 
 