What is SQL injection?

Answer Posted / p.ramakrishna

An SQL injection attack "injects" or manipulates SQL code
by adding unexpected SQL to a query.
Many web pages take parameters from the web user and make an SQL
query to the database. Take, for instance, when a user logs in:
the web page takes that user name and password and makes an SQL query to
the database to check if the user has a valid name and password.
Username: ' or 1=1 ---
Password: [Empty]
This would execute the following query against the users
table:
select count(*) from users where userName='' or 1=1 --' and userPass=''

Is This Answer Correct ?    5 Yes 1 No
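
Added example (not part of the answer above): the login check the answer describes, built once by string concatenation and once with bound parameters, run against an in-memory SQLite table. The function names, the two constructed accounts and the use of Python's sqlite3 module are assumptions for illustration.

```python
import sqlite3

def make_db():
    """In-memory users table holding two constructed accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (userName TEXT, userPass TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "correct-horse"), ("O'Brien", "pw2")])
    return db

def login_concatenated(db, name, password):
    """Vulnerable form: user input becomes part of the SQL text."""
    sql = ("select count(*) from users where userName='" + name +
           "' and userPass='" + password + "'")
    try:
        return sql, db.execute(sql).fetchone()[0] > 0
    except sqlite3.Error:
        # A quote in the input can also simply break the statement.
        return sql, False

def login_parameterized(db, name, password):
    """Hardened form: input is bound as data and never parsed as SQL."""
    sql = "select count(*) from users where userName=? and userPass=?"
    return sql, db.execute(sql, (name, password)).fetchone()[0] > 0

if __name__ == "__main__":
    db = make_db()
    cases = [
        ("alice", "correct-horse"),   # valid login
        ("alice", "wrong"),           # bad password
        ("' or 1=1 ---", ""),         # input quoted in the answer above
        ("O'Brien", "pw2"),           # legitimate name containing a quote
    ]
    for name, password in cases:
        sql, ok_concat = login_concatenated(db, name, password)
        _, ok_param = login_parameterized(db, name, password)
        print(f"name={name!r}")
        print(f"  concatenated SQL : {sql}")
        print(f"  concatenated     : {'accepted' if ok_concat else 'rejected'}")
        print(f"  parameterized    : {'accepted' if ok_param else 'rejected'}")
```

With concatenation the quoted input is accepted without a password and the legitimate user O'Brien is rejected by a syntax error; with bound parameters both cases behave correctly.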