
What is SQL injection?

Posted By: Shashi Ray    Posted Date: August 19, 2009    Points: 25    Category: .Net Framework    URL: http://www.dotnetspark.com
 


It is a form of attack on a database-driven Web site in which the attacker executes unauthorized SQL commands by taking advantage of insecure code on a system connected to the Internet, bypassing the firewall. SQL injection attacks are used to steal information from a database that would normally not be available and/or to gain access to an organization's host computers through the computer that is hosting the database.

 

SQL injection attacks are typically easy to avoid by ensuring that a system has strong input validation.

 

As the name suggests, SQL is injected into the query, which can be relatively dangerous for the database.

 

Example: this is a simple SQL query:

SELECT email, password, login_id, full_name FROM members WHERE email = 'x'

 

Now suppose somebody does not put "x" as the input but puts "x ; DROP TABLE members;".

 

So the actual SQL that will execute is:

SELECT email, password, login_id, full_name FROM members WHERE email = 'x' ; DROP TABLE members;
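An added example (not from the original article): the members lookup above written in Python against an in-memory SQLite database, with the string-built query beside a parameterized one. The SQLite stand-in, the function names, the sample row and the closing quote in the constructed input are assumptions of this example; parameter binding is shown as a mitigation alongside the input validation the article mentions.

```python
import sqlite3

COLUMNS = "email, password, login_id, full_name"

def make_db():
    """In-memory stand-in for the article's members table (constructed row)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(f"CREATE TABLE members ({COLUMNS})")
    conn.execute("INSERT INTO members VALUES (?, ?, ?, ?)",
                 ("x", "not-a-real-hash", 1, "Example User"))
    conn.commit()
    return conn

def members_table_exists(conn):
    row = conn.execute("SELECT 1 FROM sqlite_master "
                       "WHERE type = 'table' AND name = 'members'").fetchone()
    return row is not None

def build_unsafe_sql(email):
    # Vulnerable pattern: the input becomes part of the SQL text itself.
    return f"SELECT {COLUMNS} FROM members WHERE email = '{email}'"

def lookup_unsafe(conn, email):
    # executescript() stands in for a driver that accepts several
    # statements in one batch, which is what the article's example assumes.
    conn.executescript(build_unsafe_sql(email))

def lookup_safe(conn, email):
    # Hardened form: the SQL text is fixed and the input is bound as a value.
    sql = f"SELECT {COLUMNS} FROM members WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()

# Constructed input: the article's string plus the quote that closes the literal.
HOSTILE = "x' ; DROP TABLE members; --"

if __name__ == "__main__":
    db = make_db()
    print(lookup_safe(db, "x"))        # normal lookup returns the row
    print(lookup_safe(db, HOSTILE))    # bound as data, matches nothing
    print(members_table_exists(db))    # table is still there
    print(build_unsafe_sql(HOSTILE))   # input has become a second statement
    lookup_unsafe(db, HOSTILE)
    print(members_table_exists(db))    # table is gone
```

With the bound parameter the whole input is compared against the email column as one string, so no second statement exists for the database to run.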

 

Shashi Ray



     
