SQL injection, DOT NET Programming

What is SQL injection?

This is a form of attack on a database-driven Web site in which the attacker executes unauthorized SQL commands by taking advantage of insecure code on a system connected to the Internet, or by bypassing the firewall. SQL injection attacks are used to steal information from a database from which the data would normally not be available and/or to gain access to an organization's host computers through the computer that hosts the database.

SQL injection attacks are typically simple to avoid by ensuring that a system has strong input validation.

As the name suggests, SQL is injected into a query, which can be dangerous for the database.

For example, this is a simple SQL query:

SELECT email, passwd, login_id, full_name
  FROM members
 WHERE email = 'x'

Now suppose someone does not enter "x" as the input but instead enters "x ; DROP TABLE members;". The SQL that actually executes is then:

SELECT email, passwd, login_id, full_name
  FROM members
 WHERE email = 'x' ; DROP TABLE members;
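
The example above, run against a constructed in-memory SQLite database as an added illustration (not code from the original page): the concatenated lookup lets the input rewrite the statement, while the validated, parameter-bound lookup treats the same input as a plain value. The function names, the sample row, the email pattern and the use of Python's sqlite3 module are assumptions of this example; parameter binding goes beyond the input validation the page names.

```python
import re
import sqlite3

QUERY = "SELECT email, passwd, login_id, full_name FROM members WHERE email = "
# Constructed input modelled on the page's example; the quote after x ends the literal.
HOSTILE = "x' ; DROP TABLE members; --"
# Allow-list for the email field (an assumed format rule for this example).
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def make_db():
    """Constructed in-memory copy of the members table with one sample row."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (email, passwd, login_id, full_name)")
    db.execute("INSERT INTO members VALUES ('a@example.com', 'hash', 'u1', 'A User')")
    db.commit()
    return db

def table_exists(db):
    check = "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = 'members'"
    return db.execute(check).fetchone() is not None

def lookup_concatenated(db, email):
    """Vulnerable 'before': the input becomes part of the SQL text itself."""
    sql = QUERY + "'" + email + "'"
    # executescript stands in for a driver that runs every statement in a batch.
    db.executescript(sql)
    return sql

def lookup_bound(db, email, validate=True):
    """Hardened 'after': validate the input, then pass it as a bound parameter."""
    if validate and not EMAIL_RE.fullmatch(email):
        raise ValueError("rejected: not a well-formed email address")
    # The ? placeholder sends the value as data; it is never parsed as SQL.
    return db.execute(QUERY + "?", (email,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print("executed:", lookup_concatenated(db, HOSTILE))
    print("members table survives concatenation:", table_exists(db))
    db = make_db()
    print("bound, validation off:", lookup_bound(db, HOSTILE, validate=False))
    print("members table survives binding:", table_exists(db))
    try:
        lookup_bound(db, HOSTILE)
    except ValueError as err:
        print("bound, validation on:", err)
```

With validation switched off the bound lookup still returns no rows and leaves the table in place, which shows that binding, not filtering, is what keeps the input out of the SQL grammar.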

Posted Date: 9/24/2012 3:22:41 AM | Location : United States






