SQL injection, DOT NET Programming

What is SQL injection?

This is a form of attack on a database-driven web site in which the attacker executes unauthorized SQL commands by taking advantage of insecure code on a system connected to the Internet, bypassing the firewall. SQL injection attacks are used to steal information from a database from which the data would normally not be available and/or to gain access to an organization's host computers through the computer that is hosting the database.

SQL injection attacks are typically simple to avoid by ensuring that a system has strong input validation.

As the name suggests, SQL is injected into a query, which can be dangerous for the database.

For example, this is a simple SQL query:

    SELECT email, passwd, login_id, full_name
      FROM members
     WHERE email = 'x'

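Now suppose someone does not enter "x" as the input but enters "x'; DROP TABLE members; --", and the application places that input into the query text unchanged. The quote in the input closes the string literal, so the SQL that actually executes is:

    SELECT email, passwd, login_id, full_name
      FROM members
     WHERE email = 'x'; DROP TABLE members; --'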
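An added example (not from the original post) that runs the page's query both ways in Python against an in-memory SQLite database: built by string concatenation, and with a bound parameter, which keeps the input as data. The sample row, the function names and the use of `executescript()` to allow several statements in one call are assumptions of this example.

```python
import sqlite3

QUERY = "SELECT email, passwd, login_id, full_name FROM members WHERE email = "
# The page's example input, written with the quote that ends the 'x' literal.
PAYLOAD = "x'; DROP TABLE members; --"

def make_db():
    # Constructed sample row; table and columns follow the query on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (email, passwd, login_id, full_name)")
    db.execute("INSERT INTO members VALUES "
               "('alice@example.com', 'constructed-hash', 'alice', 'Alice Example')")
    return db

def table_exists(db, name):
    sql = "SELECT count(*) FROM sqlite_master WHERE type = 'table' AND name = ?"
    return db.execute(sql, (name,)).fetchone()[0] == 1

def build_concatenated(email):
    # Vulnerable: the input becomes part of the SQL text itself.
    return QUERY + "'" + email + "'"

def lookup_vulnerable(db, email):
    # executescript() stands in for a driver that accepts several statements
    # per call; sqlite3's execute() refuses more than one statement.
    db.executescript(build_concatenated(email))

def lookup_parameterized(db, email):
    # Hardened: the SQL text is constant and the input is bound as a value.
    return db.execute(QUERY + "?", (email,)).fetchall()

def demo():
    out = {}
    db = make_db()
    lookup_vulnerable(db, PAYLOAD)
    out["vulnerable_table_survives"] = table_exists(db, "members")
    db = make_db()
    out["param_rows"] = lookup_parameterized(db, PAYLOAD)
    out["param_table_survives"] = table_exists(db, "members")
    out["param_legit"] = lookup_parameterized(db, "alice@example.com")
    return out

if __name__ == "__main__":
    print(build_concatenated(PAYLOAD))
    print(demo())
```

With the bound parameter the whole input is compared against the email column as a single string, so the lookup returns no rows and the table is untouched.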

Posted Date: 9/24/2012 3:22:41 AM | Location : United States






