You must Sign In to post a response.
  • Category: SQL Server

    What is SQL Injection

    What is Sql Injection. Please Explain with Example in a simple way...
  • #763119
    Hello Sushma Rana,

    SQL injection is a code injection technique, used to attack data-driven applications. It is a technique where malicious users can inject SQL commands into an SQL statement.

    Injected SQL commands can alter SQL statement.

    SELECT * FROM SiteUsers WHERE Name ="" or ""="" AND Pass ="" or ""=""

    It will return all rows from the table, since WHERE ""="" is always true.

    So the hacker can easily get all the records of all users.

    Nirav Lalan
    DNS Gold Member
    "Failure is the path of least persistence"

  • #763137

    Refer below link you may get some idea of "SQL Injection"

    Give respect to your work, Instead of trying to impress your boss.

    Blog :

  • #763290
    SQL injection (SQLi) refers to an injection attack wherein an attacker can execute malicious SQL statements (also commonly referred to as a malicious payload) that control a web application's database server (also commonly referred to as a Relational Database Management System – RDBMS). Since an SQL injection vulnerability could possibly affect any website or web application that makes use of an SQL-based database, the vulnerability is one of the oldest, most prevalent and most dangerous of web application vulnerabilities.
    SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.

    For e.g.

    Select * From OrderMaster where OrderNumber="'"

Sign In to post your comments