
1. Describe way(s) to tune the SQL table in order to
optimize performance.

2. Explain SQL injection and how you can prevent it.

Answer Posted / jerry joseph

1. Identify and create optimal indexes for your tables.

Every table should have at least a clustered index.

Indexes should be considered on all columns that are
frequently accessed by the WHERE, ORDER BY, GROUP BY, TOP,
and DISTINCT clauses.

Static tables can be more heavily indexed than dynamic tables.

2. An SQL Injection attack is a form of attack that comes
from user input that has not been checked to see that it is
valid. The objective is to fool the database system into
running malicious code that will reveal sensitive
information or otherwise compromise the server.

Example:
StrSQL = "SELECT * from Users WHERE username = '" +
txtUserName.Text + "' AND password = '" + txtPassword.Text +
"'";
If txtUserName is entered as "admin' OR 1 = 1;--", the query
becomes
"SELECT * from Users WHERE username = 'admin' OR 1 = 1;--'
AND password = '" + txtPassword.Text + "'"
The user logs in as admin.

Prevention:
Use Parameterized Queries or Stored Procedures to prevent
SQL Injection.

Is This Answer Correct ?    0 Yes 0 No


