What is SQL injection? How to protect against SQL injection attack?
Answer Posted / Manoj Meena
"SQL Injection" is a cyberattack where an attacker injects malicious SQL code into a SQL statement to gain unauthorized access or manipulate data. To protect against SQL Injection, use parameterized queries instead of building dynamic SQL statements from user input, and validate all user input for expected format and length.

For example, in C# using ADO.NET, you can use Parameters:

```csharp
// The value is bound to @CustomerName rather than concatenated into the SQL text.
SqlCommand cmd = new SqlCommand("SELECT * FROM Customers WHERE CustomerName = @CustomerName", conn);
cmd.Parameters.AddWithValue("@CustomerName", customerName);
```
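As an added example (not part of the posted answer), the code below runs the answer's `Customers` lookup as a concatenated string and as a parameterized query, then adds the format and length check. It uses Python's built-in `sqlite3` in place of ADO.NET and SQL Server so it runs offline; the sample rows, function names and the name rule are assumptions made for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; table and column follow the answer's query.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Customers (CustomerName TEXT)")
    conn.executemany("INSERT INTO Customers VALUES (?)",
                     [("Alice",), ("Bob",), ("O'Brien",)])
    return conn

def find_concatenated(conn, name):
    # Vulnerable pattern: the input becomes part of the SQL text itself.
    sql = "SELECT CustomerName FROM Customers WHERE CustomerName = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]

def find_parameterized(conn, name):
    # Fixed statement text; the value is bound separately and is never parsed as SQL.
    sql = "SELECT CustomerName FROM Customers WHERE CustomerName = :CustomerName"
    return [row[0] for row in conn.execute(sql, {"CustomerName": name})]

# Assumed rule: 1-40 characters, starting with a letter; letters, spaces,
# hyphens and apostrophes allowed (real names such as O'Brien contain quotes).
NAME_RE = re.compile(r"[A-Za-z][A-Za-z '\-]{0,39}")

def validate_name(raw):
    if not NAME_RE.fullmatch(raw):
        raise ValueError("CustomerName has unexpected format or length")
    return raw

def lookup(conn, raw):
    # Validation narrows what is accepted; binding is what keeps data out of the SQL.
    return find_parameterized(conn, validate_name(raw))

if __name__ == "__main__":
    conn = make_db()
    probe = "x' OR '1'='1"  # constructed input containing a quote and a tautology
    print("concatenated :", find_concatenated(conn, probe))
    print("parameterized:", find_parameterized(conn, probe))
    print("legit quote  :", lookup(conn, "O'Brien"))
    try:
        find_concatenated(conn, "O'Brien")
    except sqlite3.OperationalError as exc:
        print("concatenation breaks on a legitimate name:", exc)
```

The apostrophe case shows why validation alone is not the fix: a legitimate name must be allowed to contain a quote, and only the bound parameter handles it correctly.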