.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal

Home >> Articles >> .Net Framework >> Post New Resource Bookmark and Share   

 Subscribe to Articles

What is SQL injection?

Posted By:Shashi Ray       Posted Date: August 19, 2009    Points: 25    Category: .Net Framework    URL: http://www.dotnetspark.com  

What is SQL injection?

It is a Form of attack on a database-driven Web site in which the attacker executes unauthorized SQL commands by taking advantage of insecure code on a system connected to the Internet, bypassing the firewall. SQL injection attacks are used to steal information from a database from which the data would normally not be available and/or to gain access to an organization''s host computers through the computer that is hosting the database.


SQL injection attacks typically are easy to avoid by ensuring that a system has strong input validation.


As name suggest we inject SQL which can be relatively dangerous for the database.


Example this is a simple

SQL SELECT email, password, login_id, full_name FROM members WHERE email = ''''x''''


Now somebody does not put "x" as the input but puts "x ; DROP TABLE members;".


So the actual SQL which will execute is :-

SELECT email, passwd, login_id, full_name FROM members WHERE email = ''''x'''' ; DROP TABLE members;


Shashi Ray

 Subscribe to Articles


Further Readings:


No response found. Be the first to respond this post

Post Comment

You must Sign In To post reply
Find More Articles on C#, ASP.Net, Vb.Net, SQL Server and more Here

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend