1.

What Is SQL Injection?

Answer»

An SQL injection attack "injects" or manipulates SQL code by adding unexpected SQL to a query. Many web pages take parameters from the web user and use them to build an SQL query to the database. For instance, when a user logs in, the web page takes the user name and password and makes an SQL query to the database to check whether the user has a valid name and password. Suppose the login form is submitted with:

Username: ' or 1=1 --
Password: [Empty]

This would execute the following query against the users table:

select count(*) from users where userName='' or 1=1 --' and userPass=''
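
The login check above, as an added example that is not part of the original answer: the same query built by string concatenation and with bound parameters, run against an in-memory SQLite database. The function names and the sample account are assumptions made for the illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory users table holding one constructed sample account."""
    db = sqlite3.connect(":memory:")
    # Column names follow the query in the answer. The plaintext userPass
    # column mirrors that query; a real system stores a password hash.
    db.execute("create table users (userName text, userPass text)")
    db.execute("insert into users values ('alice', 's3cret')")
    return db

def login_concatenated(db, name, password):
    """Vulnerable form: user input becomes part of the SQL text."""
    sql = ("select count(*) from users where userName='" + name +
           "' and userPass='" + password + "'")
    return db.execute(sql).fetchone()[0] > 0

def login_parameterized(db, name, password):
    """Hardened form: input is bound as data and is never parsed as SQL."""
    sql = "select count(*) from users where userName=? and userPass=?"
    return db.execute(sql, (name, password)).fetchone()[0] > 0

if __name__ == "__main__":
    db = make_db()
    attempts = [
        ("alice", "s3cret"),    # valid credentials
        ("alice", "wrong"),     # wrong password
        ("' or 1=1 --", ""),    # the input shown in the answer
    ]
    for name, password in attempts:
        print(repr(name),
              "concatenated:", login_concatenated(db, name, password),
              "parameterized:", login_parameterized(db, name, password))
```

With the concatenated query, the quote in the user name closes the string literal and the rest of the input is parsed as SQL, so the check passes without a password. With bound parameters the whole input is compared as a literal user name and the check fails.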
