Golgappa.net | Golgappa.org | BagIndia.net | BodyIndia.Com | CabIndia.net | CarsBikes.net | CarsBikes.org | CashIndia.net | ConsumerIndia.net | CookingIndia.net | DataIndia.net | DealIndia.net | EmailIndia.net | FirstTablet.com | FirstTourist.com | ForsaleIndia.net | IndiaBody.Com | IndiaCab.net | IndiaCash.net | IndiaModel.net | KidForum.net | OfficeIndia.net | PaysIndia.com | RestaurantIndia.net | RestaurantsIndia.net | SaleForum.net | SellForum.net | SoldIndia.com | StarIndia.net | TomatoCab.com | TomatoCabs.com | TownIndia.com
Interested to Buy Any Domain ? << Click Here >> for more details...

  1. Categories >> Software >> Databases >> SQL Server
  2. Suggest New Category

what is sql injection in sql server?

Question Posted / manojpatil27@gmail.com

Answers were Sorted based on User's Feedback



what is sql injection in sql server?..

Answer / venkat reddy.ravu

SQL injection is nothing but inserting malicious code with
the strings and later which will pass to the particular SQL
server instances which may damage the database or may
corrupt bthe data

For exaple:


var EmpName;
EmpName= Request.form ("EmpName");
var sql = "select * from Employee where EmpName= '" +
EmpName+ "'";


If you considers the above query and if user prompts to
enter the input as Scott,

Then query processed like this

select * from Employee where EmpName='Scott'

If user enters the input as below,

Scott,drop table Employee
In this case your query will be processed as below

select * from Employee where Ename='Scott',drop table emp

So,first select statement will be executed and then table
will be dropped.

Nothing but without standard of coding an expertised user
may damages or corrupt the databases.

To avoid SQL injection attacks:-
1)Use Parameterized Input with Stored Procedures
2)Use the Parameters Collection with Dynamic SQL
3)Filtering Input
4)LIKE Clauses

Is This Answer Correct ?    2 Yes 0 No

what is sql injection in sql server?..

Answer / pankaj kumar

SQL injection is something where an end user of an application is able to submit SQL queries through the user interface and end up running those queries, causing potential damage to the database.

Is This Answer Correct ?    1 Yes 0 No

Post New Answer

More SQL Server Interview Questions

What is sql stored procedure?

0 Answers  

Explain the collation?

0 Answers  

What security features are available for stored procedure?

0 Answers  

Can a stored procedure call another stored procedure. If yes what level and can it be controlled?

2 Answers  

What is the use of keyword with encryption. Create a store procedure with encryption?

0 Answers  

What is single-user mode?

0 Answers  

Explain the relational database management system (rdbms)?

0 Answers  

What is difference between stored procedure and function?

3 Answers   L&T,

What is difference between rollback immediate and with no_wait during alter database?

0 Answers  

What is buffer cash and log cache in sql server?

0 Answers  

Can two tables share a primary key?

0 Answers  

What is the difference between UNION and UNIONALL?

5 Answers   CarrizalSoft Technologies, CTS,

For more SQL Server Interview Questions Click Here
Categories