
What is SQL injection in SQL Server?

Answer Posted / venkat reddy.ravu

SQL injection is nothing but inserting malicious code into
strings that are later passed to a particular SQL Server
instance, which may damage the database or corrupt the data.

For example:


var EmpName;
EmpName= Request.form ("EmpName");
var sql = "select * from Employee where EmpName= '" +
EmpName+ "'";


If you consider the above query and the user is prompted to
enter the input as Scott, then the query is processed like this:

select * from Employee where EmpName='Scott'

If the user enters the input as below,

Scott,drop table Employee

in this case your query will be processed as below:

select * from Employee where Ename='Scott',drop table emp

So, the first select statement will be executed and then the
table will be dropped.

Without coding standards, an expert user may damage or
corrupt the databases.

To avoid SQL injection attacks:
1) Use Parameterized Input with Stored Procedures
2) Use the Parameters Collection with Dynamic SQL
3) Filtering Input
4) LIKE Clauses

Is This Answer Correct ?    2 Yes 0 No
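
Mitigations 1, 2 and 4 from the list above, sketched in T-SQL as an added example that is not part of the original answer. The Employee table and EmpName column follow the answer's query; the procedure name, column sizes and sample rows are assumptions made for illustration.

```sql
-- Added example, not from the original answer. Sample rows are constructed.
CREATE TABLE dbo.Employee (
    EmpId   int IDENTITY PRIMARY KEY,
    EmpName nvarchar(50) NOT NULL
);
INSERT INTO dbo.Employee (EmpName)
VALUES (N'Scott'), (N'O''Brien'), (N'100%_Match');
GO

-- 1) Parameterized input with a stored procedure (hypothetical name).
--    @EmpName is bound as a typed value; it is never parsed as SQL text.
CREATE PROCEDURE dbo.usp_GetEmployeeByName
    @EmpName nvarchar(50)
AS
BEGIN
    SET NOCOUNT ON;
    SELECT EmpId, EmpName FROM dbo.Employee WHERE EmpName = @EmpName;
END;
GO

-- The input string from the answer is compared as one literal name.
DECLARE @input nvarchar(50) = N'Scott,drop table Employee';
EXEC dbo.usp_GetEmployeeByName @EmpName = @input;

-- 2) Dynamic SQL with parameters: the statement text is a constant and the
--    value travels separately, so an apostrophe in a name is just data.
DECLARE @name nvarchar(50) = N'O''Brien';
EXEC sys.sp_executesql
     N'SELECT EmpId, EmpName FROM dbo.Employee WHERE EmpName = @EmpName',
     N'@EmpName nvarchar(50)',
     @EmpName = @name;

-- 4) LIKE clauses: parameters stop injection, but %, _ and [ in user input
--    still act as wildcards. Escape '[' first, then '%' and '_', and append
--    the one wildcard the application itself intends (prefix search).
DECLARE @term nvarchar(50) = N'100%_';
DECLARE @likePattern nvarchar(200) =
    REPLACE(REPLACE(REPLACE(@term, N'[', N'[[]'), N'%', N'[%]'), N'_', N'[_]')
    + N'%';
EXEC sys.sp_executesql
     N'SELECT EmpId, EmpName FROM dbo.Employee WHERE EmpName LIKE @Pattern',
     N'@Pattern nvarchar(200)',
     @Pattern = @likePattern;
```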


