Answer Posted / srikant dwibedi
SQL Injection is the process of passing SQL code into an
application in a way that was not intended by the
application developer, or it is a strategy for attacking
databases.
Example:
An ASP page asks the user for a name and a password.
SELECT * FROM users WHERE username="whatever" AND password="mypassword"
It seems safe, but it is not. A user might enter something
like this 'OR 1>0....
When this is plugged into the SQL statements the result
looks like this:
SELECT * FROM users WHERE username="OR 1>0 " AND password=" ";
This injection comments out the password portion of the
statement. It results in a list of all the names in the
users table. So any user could get into your system.
| Is This Answer Correct ? | 3 Yes | 2 No |