Sql Injection
This is a discussion on Sql Injection within the Database Support forums, part of the Web Development category; SQL Injection SQL injection is a way to manipulate the SQL statements used in web applications for querying database. While ...
| |||||||
| Register | FAQ | Members List | Calendar | Mark Forums Read |
01-31-2008, 09:51 PM
| |||
| |||
 Sql Injection SQL Injection SQL injection is a way to manipulate the SQL statements used in web applications for querying database. While forming the SQL query, the programmer may directly use the user input without performing any validation. This opens a door for the attacker to play around with the database present on the target machine. By sending specially crafted user input, the original SQL statement can be manipulated. These attacks are carried out on parameters in URLs, form field values and cookies. The Example for SQL Injection is as follows Create Procedure sp_demosqlinject ( @user Varchar(100), @pass Varchar(100) ) as Begin Exec('Select * From Login Where UserName = + @User + And PassWord = + @Pass') End what happen when we execute the above procedures with the following input? Exec sp_demosqlinject 'Sridhar', 123 Delete Login We Lost our data through this attacks.     |
| Sponsored Links |
 |
« Previous Thread
|
Next Thread »
| Thread Tools | |
| Display Modes | |
Linear Mode
| |
Similar Threads | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Prevention Measures to Avoid SQL Injection | vadivelanshanmugam | Database Support | 0 | 01-31-2008 10:27 PM |
| What is SQl injection ? | sundarraja | Database Support | 1 | 07-21-2007 12:50 AM |
| Javascript Injection | Jeyaseelansarc | HTML, CSS and Javascript Coding Techniques | 0 | 05-18-2007 11:06 PM |
| SQL injection technique | Jeyaseelansarc | PHP Programming | 1 | 05-16-2007 07:34 AM |
| Articles: SQL Injection | vadivelanvaidyanathan | Software Testing | 1 | 03-30-2007 04:08 AM |
All times are GMT -7. The time now is 09:39 PM.
