what is sql injection in sql server?

Golgappa.net | Golgappa.org | BagIndia.net | BodyIndia.Com | CabIndia.net | CarsBikes.net | CarsBikes.org | CashIndia.net | ConsumerIndia.net | CookingIndia.net | DataIndia.net | DealIndia.net | EmailIndia.net | FirstTablet.com | FirstTourist.com | ForsaleIndia.net | IndiaBody.Com | IndiaCab.net | IndiaCash.net | IndiaModel.net | KidForum.net | OfficeIndia.net | PaysIndia.com | RestaurantIndia.net | RestaurantsIndia.net | SaleForum.net | SellForum.net | SoldIndia.com | StarIndia.net | TomatoCab.com | TomatoCabs.com | TownIndia.com
Interested to Buy Any Domain ? << Click Here >> for more details...

what is sql injection in sql server?

Question Posted / manojpatil27@gmail.com

2 Answers
6524 Views
TATA, I also Faced
E-Mail Answers

Answers were Sorted based on User's Feedback

what is sql injection in sql server?..

Answer / venkat reddy.ravu

SQL injection is nothing but inserting malicious code with
the strings and later which will pass to the particular SQL
server instances which may damage the database or may
corrupt bthe data

For exaple:

var EmpName;
EmpName= Request.form ("EmpName");
var sql = "select * from Employee where EmpName= '" +
EmpName+ "'";

If you considers the above query and if user prompts to
enter the input as Scott,

Then query processed like this

select * from Employee where EmpName='Scott'

If user enters the input as below,

Scott,drop table Employee
In this case your query will be processed as below

select * from Employee where Ename='Scott',drop table emp

So,first select statement will be executed and then table
will be dropped.

Nothing but without standard of coding an expertised user
may damages or corrupt the databases.

To avoid SQL injection attacks:-
1)Use Parameterized Input with Stored Procedures
2)Use the Parameters Collection with Dynamic SQL
3)Filtering Input
4)LIKE Clauses

Is This Answer Correct ?

2 Yes

0 No

what is sql injection in sql server?..

Answer / pankaj kumar

SQL injection is something where an end user of an application is able to submit SQL queries through the user interface and end up running those queries, causing potential damage to the database.

Is This Answer Correct ?

1 Yes

0 No

Post New Answer

More SQL Server Interview Questions

What is query cost in sql server?

What is the difference between in and exists. Ex: select * from emp where empno in(....) and select * from emp where empno exists(....) What is the difference between a Join and Union and Union and UnionAll.

5 Answers ABC, Accenture,

What is the difference between commit and rollback?

Does server sql treat char as a variable-length or fixed-length column?

What is the temp table?

How to insert a new row into a table with "insert into" statements in ms sql server?

What is the SQL?????????????????????????????

What is optimization and its types?

Explain about integration services of Microsoft SQL server?

What is the purpose of linked server configuration in sql server?

How many primary keys are possible in a table?

What is subquery explain with example?

For more SQL Server Interview Questions Click Here

Categories

Oracle (3259)
SQL Server (4518)
MS Access (429)
MySQL (1402)
Postgre (483)
Sybase (267)
DB Architecture (141)
DB Administration (291)
DB Development (113)
SQL PLSQL (3330)
MongoDB (502)
IBM Informix (50)
Neo4j (82)
InfluxDB (0)
Apache CouchDB (44)
Firebird (5)
Database Management (1411)
Databases AllOther (288)