Answer Posted / venkat reddy.ravu
SQL injection is nothing but inserting malicious code into the strings that are later passed to a particular SQL Server instance, which may damage the database or corrupt the data.
For example:
var EmpName;
EmpName = Request.Form("EmpName");
var sql = "select * from Employee where EmpName= '" + EmpName + "'";
If you consider the above query, and the user is prompted to enter the input as Scott,
then the query is processed like this:
select * from Employee where EmpName='Scott'
If the user enters the input as below,
Scott,drop table Employee
in this case your query will be processed as below:
select * from Employee where Ename='Scott',drop table emp
So, first the select statement will be executed and then the table will be dropped.
In short, without coding standards an expert user may damage or corrupt the databases.
To avoid SQL injection attacks:
1) Use Parameterized Input with Stored Procedures
2) Use the Parameters Collection with Dynamic SQL
3) Filtering Input
4) LIKE Clauses
| Is This Answer Correct ? | 2 Yes | 0 No |
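The following is an added, runnable demonstration of the point the answer above makes (it is not code from the original post); it uses Python's standard sqlite3 module and a constructed Employee table. It puts the concatenated query from the answer beside its parameterized form (item 2 of the answer's list) and shows what a practitioner should check: a payload only breaks out of the string literal if it closes the quote, so "Scott,drop table Employee" is matched as a harmless literal name, while "Scott' OR '1'='1" returns every row, and "Scott'; DROP TABLE Employee; --" drops the table when the driver accepts stacked statements. Because sqlite3's execute() refuses more than one statement per call, executescript() is used here as an assumed stand-in for a driver or API that does run stacked statements.

```python
import sqlite3

# Constructed sample data for this example (not from the original page).
EMPLOYEES = [("Scott", "Sales"), ("Alice", "Engineering"), ("Bob", "HR")]

# Attacker inputs used below. The first is the literal input from the answer above;
# the other two close the string literal and comment out the trailing quote.
LITERAL_FROM_POST = "Scott,drop table Employee"
TAUTOLOGY = "Scott' OR '1'='1"
STACKED = "Scott'; DROP TABLE Employee; --"


def fresh_db():
    """Return a new in-memory database with a small Employee table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Employee (EmpName TEXT, Dept TEXT)")
    conn.executemany("INSERT INTO Employee VALUES (?, ?)", EMPLOYEES)
    conn.commit()
    return conn


def lookup_vulnerable(conn, emp_name):
    """Mirror of the original post: user input is concatenated into the SQL text."""
    sql = "SELECT EmpName FROM Employee WHERE EmpName = '" + emp_name + "'"
    return sorted(row[0] for row in conn.execute(sql))


def lookup_parameterized(conn, emp_name):
    """Hardened form: the value is bound as a parameter and never parsed as SQL."""
    sql = "SELECT EmpName FROM Employee WHERE EmpName = ?"
    return sorted(row[0] for row in conn.execute(sql, (emp_name,)))


def table_exists(conn):
    """True if the Employee table is still present in the schema."""
    row = conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' AND name = 'Employee'"
    ).fetchone()
    return row is not None


def stacked_vulnerable(conn, emp_name):
    """Concatenated query run through an API that accepts several statements in one
    call (executescript here, assumed as a stand-in for such a driver).
    Returns True if the Employee table survived."""
    sql = "SELECT * FROM Employee WHERE EmpName = '" + emp_name + "'"
    try:
        conn.executescript(sql)
    except sqlite3.Error:
        pass  # a syntax error from a malformed payload is not a successful attack
    return table_exists(conn)


def stacked_parameterized(conn, emp_name):
    """Same lookup with a bound parameter: the input cannot add a second statement.
    Returns True if the Employee table survived."""
    conn.execute("SELECT * FROM Employee WHERE EmpName = ?", (emp_name,)).fetchall()
    return table_exists(conn)


if __name__ == "__main__":
    for payload in ("Scott", LITERAL_FROM_POST, TAUTOLOGY):
        print(repr(payload))
        print("  concatenated :", lookup_vulnerable(fresh_db(), payload))
        print("  parameterized:", lookup_parameterized(fresh_db(), payload))
    print("stacked, concatenated, table survives:", stacked_vulnerable(fresh_db(), STACKED))
    print("stacked, parameterized, table survives:", stacked_parameterized(fresh_db(), STACKED))
```

Run it as a script to see the three inputs side by side; the parameterized lookups return only an exact name match for every payload, and the table survives the stacked payload only when the value is bound rather than concatenated.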