SQL injection, DOT NET Programming

What is SQL injection?

SQL injection is a form of attack on a database-driven web site in which the attacker executes unauthorized SQL commands by taking advantage of insecure code on a system connected to the Internet, bypassing the firewall. SQL injection attacks are used to steal information from a database that would not normally be available, and/or to gain access to an organization's host computers through the computer that hosts the database.

SQL injection attacks are typically simple to avoid by ensuring that a system has strong input validation.

As the name suggests, we inject SQL, which can be quite dangerous for the database.

For example, this is a simple SQL statement:

SELECT email, passwd, login_id, full_name
FROM members
WHERE email = 'x'

Now suppose someone does not enter "x" as the input but enters "x ; DROP TABLE members;" instead. The SQL that actually executes is then:

SELECT email, passwd, login_id, full_name
FROM members
WHERE email = 'x' ; DROP TABLE members;
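The two statements above as an added example, not code from the original page: it uses Python's built-in sqlite3 in place of the .NET data provider so that it runs offline, and contrasts the concatenated query with input validation plus a bound parameter. The function names, the sample row, the input string and the email pattern are assumptions made for the illustration.

```python
import re
import sqlite3

# Constructed input: closes the quote so the concatenated text becomes the
# page's second statement, ending in "; DROP TABLE members;".
INJECTED = "x' ; DROP TABLE members; --"
# Assumed allow-list pattern, for illustration only.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def make_db():
    """In-memory members table holding one constructed row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (email, passwd, login_id, full_name)")
    conn.execute("INSERT INTO members VALUES (?, ?, ?, ?)",
                 ("alice@example.com", "constructed-hash", "alice", "Alice Example"))
    conn.commit()
    return conn

def table_exists(conn, name="members"):
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (name,)
    ).fetchone()
    return row is not None

def lookup_concatenated(conn, email):
    """Vulnerable: the input becomes part of the SQL text."""
    sql = ("SELECT email, passwd, login_id, full_name FROM members "
           "WHERE email = '" + email + "'")
    # executescript runs every statement in the text, as a batch would.
    conn.executescript(sql)
    return sql

def lookup_parameterized(conn, email, validate=True):
    """Hardened: validate the input, then bind it as a parameter."""
    if validate and not EMAIL_RE.fullmatch(email):
        raise ValueError("not a valid email address")
    sql = "SELECT email, passwd, login_id, full_name FROM members WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print(lookup_concatenated(db, INJECTED))
    print("members table exists:", table_exists(db))
    db = make_db()
    print(lookup_parameterized(db, INJECTED, validate=False))
    print("members table exists:", table_exists(db))
```

With validation switched off, the bound parameter alone still keeps the input as data: the query matches no row and the table survives.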

Posted Date: 9/24/2012 3:22:41 AM | Location : United States
