Answer / venkat reddy.ravu

SQL injection is nothing but inserting malicious code with
the strings and later which will pass to the particular SQL
server instances which may damage the database or may
corrupt bthe data

For exaple:


var EmpName;
EmpName= Request.form ("EmpName");
var sql = "select * from Employee where EmpName= '" +
EmpName+ "'";


If you considers the above query and if user prompts to
enter the input as Scott,

Then query processed like this

select * from Employee where EmpName='Scott'

If user enters the input as below,

Scott,drop table Employee
In this case your query will be processed as below

select * from Employee where Ename='Scott',drop table emp

So,first select statement will be executed and then table
will be dropped.

Nothing but without standard of coding an expertised user
may damages or corrupt the databases.

To avoid SQL injection attacks:-
1)Use Parameterized Input with Stored Procedures
2)Use the Parameters Collection with Dynamic SQL
3)Filtering Input
4)LIKE Clauses

Answer / pankaj kumar

SQL injection is something where an end user of an application is able to submit SQL queries through the user interface and end up running those queries, causing potential damage to the database.

What does Master database contains?

0 Answers   Abacus,

---

Can we perform backup restore operation on tempdb?

0 Answers  

---

What is view in sql?

0 Answers  

---

What is a join in sql?

0 Answers  

---

What is page-level compression?

0 Answers  

---

---

In which files does sql server actually store data?

0 Answers  

---

What is instead of trigger sql server?

0 Answers  

---

What stored by the msdb? : sql server database administration

0 Answers  

---

What is constraints and its types?

0 Answers  

---

What is the purpose of UPDATE STATISTICS?

2 Answers  

---

Define outer join?

0 Answers  

---

What are the rules to use the rowguidcol property to define a globally unique identifier column?

0 Answers  

---