1. Describe way(s) to tune the SQL table in order to
optimize performance.
2. Explain SQL Injection. How can you prevent it?
Answer / jerry joseph
1. Identify and create optimal indexes for your tables.
Every table should have at least a clustered index.
Indexes should be considered on all columns that are
frequently accessed by the WHERE, ORDER BY, GROUP BY, TOP,
and DISTINCT clauses.
Static tables can be more heavily indexed than dynamic tables.
2. An SQL Injection attack is a form of attack that comes
from user input that has not been checked to see that it is
valid. The objective is to fool the database system into
running malicious code that will reveal sensitive
information or otherwise compromise the server.
Example:
StrSQL = "SELECT * from Users WHERE username = '" +
txtUserName.Text + "' AND password = '" + txtPassword.Text +
"'";
If txtUserName is entered as "admin' OR 1 = 1;--" the query
becomes
"SELECT * from Users WHERE username = 'admin' OR 1 = 1;--'
AND password = '" + txtPassword.Text + "'"
and the user logs in as admin.
Prevention:
Use Parameterized Queries or Stored Procedures to prevent
SQL Injection.
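The login query from the answer above, shown in its concatenated form beside a parameterized form. This is an added example, not part of the original answer; it assumes Python's sqlite3 in place of SQL Server so it runs offline, and the table contents and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed in-memory Users table mirroring the query in the answer."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (username TEXT, password TEXT)")
    # Plaintext passwords appear only because the page's query compares them in SQL.
    db.executemany(
        "INSERT INTO Users VALUES (?, ?)",
        [("admin", "s3cret-constructed"), ("bob", "hunter2-constructed")],
    )
    return db

def login_concatenated(db, username, password):
    """The pattern from the answer: user input is spliced into the SQL text."""
    sql = ("SELECT username FROM Users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def login_parameterized(db, username, password):
    """Same query with placeholders: input is bound as data, never parsed as SQL."""
    sql = "SELECT username FROM Users WHERE username = ? AND password = ?"
    row = db.execute(sql, (username, password)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    payload = "admin' OR 1 = 1;--"  # the input string quoted in the answer
    # Concatenated: the quote closes the literal, OR 1 = 1 matches every row,
    # and -- comments out the password check, so a row comes back.
    print("concatenated :", login_concatenated(db, payload, ""))
    # Parameterized: the whole payload is compared as a username, so no row matches.
    print("parameterized:", login_parameterized(db, payload, ""))
    # A legitimate login still works with the parameterized form.
    print("valid login  :", login_parameterized(db, "admin", "s3cret-constructed"))
```
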