Answer Posted / venkat reddy.ravu
SQL injection is nothing but inserting malicious code into the strings which will later be passed to the particular SQL Server instance, which may damage the database or may corrupt the data.
For example:
var EmpName;
EmpName = Request.form("EmpName");
var sql = "select * from Employee where EmpName= '" + EmpName + "'";
If you consider the above query, and the user is prompted to enter the input as Scott, then the query is processed like this:
select * from Employee where EmpName='Scott'
If the user enters the input as below,
Scott,drop table Employee
In this case your query will be processed as below:
select * from Employee where Ename='Scott',drop table emp
So, first the select statement will be executed and then the table will be dropped.
Nothing but, without standard coding, an experienced user may damage or corrupt the databases.
To avoid SQL injection attacks:
1) Use parameterized input with stored procedures
2) Use the Parameters collection with dynamic SQL
3) Filter input
4) Escape LIKE clauses
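As an added example (not part of the answer above, and not SQL Server code), the following Python script reproduces the concatenated query from the answer and sets it beside the parameterized form from the "Parameters collection" recommendation, plus the LIKE-wildcard escaping from item 4. It uses Python's built-in sqlite3 module as a stand-in for SQL Server; the Employee rows, the EmpName/Dept columns and all function names are constructed for this illustration. The point it shows is that a parameter is always passed as data, so a value containing a quote (a legitimate name such as O'Brien, or an attacker's input) can no longer change the structure of the statement, while with concatenation the same value breaks or rewrites the SQL.

```python
import sqlite3

# Constructed sample data for the demo (not from the original post).
EMPLOYEES = [("Scott", "Sales"), ("Tiger", "IT"), ("O'Brien", "HR")]


def make_db():
    """Create an in-memory Employee table with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Employee (EmpName TEXT, Dept TEXT)")
    conn.executemany("INSERT INTO Employee VALUES (?, ?)", EMPLOYEES)
    conn.commit()
    return conn


def unsafe_query_text(emp_name):
    """Mirror the answer's concatenation: the input becomes part of the SQL text."""
    return "select * from Employee where EmpName='" + emp_name + "'"


def find_employee_unsafe(conn, emp_name):
    """Vulnerable form: whatever the user types is parsed as SQL grammar."""
    return conn.execute(unsafe_query_text(emp_name)).fetchall()


def unsafe_query_breaks(conn, emp_name):
    """Return True if the concatenated statement no longer parses for this input.

    A single quote in the input (a real surname, or hostile input) is enough
    to change the statement's structure; the database rejects the result.
    """
    try:
        find_employee_unsafe(conn, emp_name)
        return False
    except sqlite3.OperationalError:
        return True


def find_employee_safe(conn, emp_name):
    """Parameterized form (item 2 of the answer): the value is bound as data.

    The SQL text is fixed at development time; the driver sends the value
    separately, so quotes inside it are just characters of the literal.
    """
    return conn.execute(
        "select * from Employee where EmpName = ?", (emp_name,)
    ).fetchall()


def find_by_prefix_unescaped(conn, prefix):
    """LIKE with a bound parameter but no escaping: still a problem.

    Parameters stop injection into the statement, but '%' and '_' keep
    their wildcard meaning, so a user-supplied '%' matches every row.
    """
    return conn.execute(
        "select * from Employee where EmpName LIKE ?", (prefix + "%",)
    ).fetchall()


def escape_like(value):
    """Neutralize LIKE wildcards in user input (item 4 of the answer)."""
    return (
        value.replace("\\", "\\\\")
        .replace("%", "\\%")
        .replace("_", "\\_")
    )


def find_by_prefix(conn, prefix):
    """Parameterized LIKE with the wildcards escaped and an explicit ESCAPE char."""
    pattern = escape_like(prefix) + "%"
    return conn.execute(
        "select * from Employee where EmpName LIKE ? ESCAPE '\\'", (pattern,)
    ).fetchall()


def table_exists(conn):
    """Check that the Employee table survived a query (used to confirm no damage)."""
    row = conn.execute(
        "select count(*) from sqlite_master where type='table' and name='Employee'"
    ).fetchone()
    return row[0] == 1


if __name__ == "__main__":
    db = make_db()
    print("safe, Scott:       ", find_employee_safe(db, "Scott"))
    print("safe, O'Brien:     ", find_employee_safe(db, "O'Brien"))
    print("unsafe breaks on O'Brien:", unsafe_query_breaks(db, "O'Brien"))
    print("safe, post's input:", find_employee_safe(db, "Scott,drop table Employee"))
    print("table still exists:", table_exists(db))
    print("LIKE '%' unescaped:", find_by_prefix_unescaped(db, "%"))
    print("LIKE '%' escaped:  ", find_by_prefix(db, "%"))
```

In ADO.NET against SQL Server the same idea is a SqlParameter added to the command's Parameters collection, which is the "Parameters collection with dynamic SQL" item in the answer; the behaviour to check for is identical: the query text never changes with the input, and wildcard characters only mean what the developer intended.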