What is sql injection?
Posted Date: 18 Nov 2009
Posted By: Marrel
Member Level: Silver
Member Rank: 865
Points: 1
Responses: 6
Hi,
Can you please explain to me what SQL injection is?
Responses
#444039 Author: Alwyn Duraisingh
Member Level: Gold
Member Rank: 11
Date: 18/Nov/2009
Points: 2
SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks.
Regards,
Alwyn Duraisingh.M
<< Database Administrator >>
Jesus saves! The rest of us better make backups...
#444041 Author: Babu Akkandi
Member Level: Gold
Member Rank: 48
Date: 18/Nov/2009
Points: 2
Refer to this link:
http://msdn.microsoft.com/en-us/library/ms161953.aspx
Thanks and Regards,
Babu Akkandi
Microsoft Technology
#444125 Author: Shameer
Member Level: Gold
Member Rank: 460
Date: 18/Nov/2009
Points: 2
SQL injection is a technique to maliciously exploit applications that use client-supplied data in SQL statements. Attackers trick the SQL engine into executing unintended commands by supplying specially crafted string input, thereby gaining unauthorized access to a database in order to view or manipulate restricted data.
Types of SQL Injection Attacks
1. First Order attack - The attacker can simply enter a malicious string and cause the modified code to be executed immediately.
2. Second Order Attack - The attacker injects into persistent storage (such as a table row) which is deemed as a trusted source. An attack is subsequently executed by another activity.
3. Lateral Injection - The attacker can manipulate the implicit function To_Char() by changing the values of the environment variables, NLS_Date_Format or NLS_Numeric_Characters.
#444211 Author: Gaurav Khanna
Member Level: Gold
Member Rank: 132
Date: 18/Nov/2009
Points: 2
The best way to protect against SQL injection while coding in .NET is to use SqlParameter in queries.
#444230 Author: Alwyn Duraisingh
Member Level: Gold
Member Rank: 11
Date: 18/Nov/2009
Points: 2
Gaurav, can you please tell me in what way the SQL parameter defends against the injection?
Regards,
Alwyn Duraisingh.M
<< Database Administrator >>
Jesus saves! The rest of us better make backups...
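How a bound parameter defends against injection, the question raised in the post above, shown as an added example that is not part of the original thread and covers both the first-order and second-order cases listed earlier. It assumes Python's built-in sqlite3 as a stand-in for SQL Server, with the `?` placeholder playing the role SqlParameter plays in .NET; the table, rows and crafted input are constructed.

```python
import sqlite3

CRAFTED = "x' OR '1'='1"  # constructed input containing a quote and SQL syntax

def make_db():
    # In-memory SQLite stands in for SQL Server; table and rows are constructed.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, note TEXT)")
    db.executemany("INSERT INTO users (name, note) VALUES (?, ?)",
                   [("alice", "a1"), ("bob", "b1"), ("carol", "c1")])
    return db

def find_user_concat(db, name):
    # Vulnerable: the input becomes part of the SQL text, so a quote in it
    # ends the string literal and the rest is parsed as SQL.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]

def find_user_param(db, name):
    # Hardened: the SQL text is fixed and the value is bound separately,
    # so it is only ever compared as data.
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in db.execute(sql, (name,))]

def notes_for_user(db, user_id, bind):
    # Second-order case: the name is read back from our own table, which
    # is no more trustworthy than the request it originally came from.
    (stored,) = db.execute("SELECT name FROM users WHERE id = ?", (user_id,)).fetchone()
    if bind:
        rows = db.execute("SELECT note FROM users WHERE name = ?", (stored,))
    else:
        rows = db.execute("SELECT note FROM users WHERE name = '" + stored + "'")
    return [row[0] for row in rows]

def demo():
    db = make_db()
    first = (find_user_concat(db, CRAFTED), find_user_param(db, CRAFTED))
    # Storing the crafted name with a bound parameter is safe in itself.
    uid = db.execute("INSERT INTO users (name, note) VALUES (?, ?)",
                     (CRAFTED, "d1")).lastrowid
    second = (notes_for_user(db, uid, bind=False), notes_for_user(db, uid, bind=True))
    return first, second

if __name__ == "__main__":
    print(demo())
```

With the concatenated query the crafted value changes the WHERE clause and every row comes back; with the bound value the same text matches only a user literally named that way.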
#463709 Author: Preeti jain
Member Level: Gold
Member Rank: 208
Date: 13/Jan/2010
Points: 2
Hi,
SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution.