SQL Injection
Posted Date: 24 Apr 2008
Resource Type: Articles
Category: Databases
Posted By: Nitin Srivastava
Member Level: Gold
SQL injection is a strategy for attacking databases. The attacker "injects" a SQL statement into another statement.
Web sites that interface with databases are particularly vulnerable to SQL injection because they often rely on dynamic SQL.
Here's a simple example.
An ASP.NET page, or any web page, asks the user for a USERID and a password to log in to the site, and then sends the following string to the database, with the entered values placed where <username> and <password> appear:
SELECT * FROM users_information WHERE username = '<username>' AND pass = '<password>'
It seems safe, but it isn't.
A user might enter something like this as her username: ' OR 1=1 --
When this is substituted into the SQL statement, the result looks like this:
SELECT * FROM users_information WHERE username = '' OR 1=1 --' AND pass = ''
This injection comments out the password portion of the statement, and because 1=1 is always true, the WHERE clause matches every row.
The easiest way to prevent this sort of injection is to parse the SQL string and remove any occurrences of "--" before passing the statement.
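An added example, not part of the original article: the login query run three ways against an in-memory SQLite database, comparing the dynamic statement, the "--" filter described above, and a parameterized query. Python's sqlite3 stands in for the ASP.NET page and its database (an assumption), and the users and passwords are constructed sample data.

```python
import sqlite3

def make_db():
    # Constructed sample rows; table and column names follow the article's query.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users_information (username TEXT, pass TEXT)")
    db.executemany("INSERT INTO users_information VALUES (?, ?)",
                   [("alice", "blue--sky"), ("bob", "hunter2")])
    return db

def build_dynamic_sql(username, password):
    # Dynamic SQL as in the article: input is pasted between the quotes.
    return ("SELECT * FROM users_information WHERE username = '"
            + username + "' AND pass = '" + password + "'")

def count_rows(db, sql, params=()):
    # Number of matching rows, or None when the database rejects the statement.
    try:
        return len(db.execute(sql, params).fetchall())
    except sqlite3.Error:
        return None

def login_dynamic(db, username, password):
    return count_rows(db, build_dynamic_sql(username, password))

def login_strip_comments(db, username, password):
    # The article's filter: remove every "--" from the finished statement.
    return count_rows(db, build_dynamic_sql(username, password).replace("--", ""))

def login_parameterized(db, username, password):
    # Values are bound separately and never become part of the SQL text.
    return count_rows(
        db, "SELECT * FROM users_information WHERE username = ? AND pass = ?",
        (username, password))

def demo():
    db = make_db()
    injected = "' OR 1=1 --"  # the username from the article
    return {
        "dynamic, injected username": login_dynamic(db, injected, ""),
        "strip, injected username": login_strip_comments(db, injected, ""),
        "strip, real password with --": login_strip_comments(db, "alice", "blue--sky"),
        "bound, injected username": login_parameterized(db, injected, ""),
        "bound, real password with --": login_parameterized(db, "alice", "blue--sky"),
    }

if __name__ == "__main__":
    for case, rows in demo().items():
        print(f"{case}: {rows}")
```

With the filter, the article's input produces a statement the database rejects (the input is still parsed as SQL), and a user whose real password contains "--" can no longer log in. Binding the values as parameters handles both cases, because the input is never parsed as part of the statement.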