Answer Posted / srikant dwibedi
SQL Injection is the process of passing SQL code into an
application in a way that was not intended by the
application developer, or it is a strategy for attacking
databases.
Example
An ASP page asks the user for a name and a password.
SELECT * FROM users WHERE username="whatever" AND password="mypassword"
It seems safe, but it is not. A user might enter something
like this: 'OR 1>0....
When this is plugged into the SQL statement, the result
looks like this:
SELECT * FROM users WHERE username="OR 1>0 " AND password=" ";
This injection comments out the password portion of the
statement. It results in a list of all the names in the
users table. So any user could get into your system.