
Thread: Interview Question Jan 25 2006




user name
2006-01-25 17:16:03
What is SQL injection?

It is a form of attack on a database-driven Web site in which the attacker executes unauthorized SQL commands by taking advantage of insecure code on a system connected to the Internet, bypassing the firewall. SQL injection attacks are used to steal information from a database from which the data would normally not be available and/or to gain access to an organization's host computers through the computer that is hosting the database.

SQL injection attacks typically are easy to avoid by ensuring that a system has strong input validation.

As the name suggests, we inject SQL which can be relatively dangerous for the database.

Example: this is a simple SQL

SELECT email, passwd, login_id, full_name
FROM members
WHERE email = 'x'

Now somebody does not put "x" as the input but puts "x ; DROP TABLE members;".

So the actual SQL which will execute is:

SELECT email, passwd, login_id, full_name
FROM members
WHERE email = 'x' ; DROP TABLE members;

Think what will happen to your database.



Full Interview Questions for .NET and SQL Server
http://www.geocities.com/dotnetinterviews/
Help the community to make job search easier: mail your questions to
shiv_koiralayahoo.com
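
The members lookup from the post, as an added example that is not part of the original post: the same query built by string concatenation and with a bound parameter, run against a throwaway in-memory database. It assumes Python's sqlite3 module in place of the .NET and SQL Server stack the post is about; the function names, the sample row and the input string are constructed for illustration, and parameter binding is shown as a defense alongside the input validation the post mentions.

```python
import sqlite3

def make_db():
    """Throwaway in-memory database holding one constructed sample row."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members "
               "(email TEXT, passwd TEXT, login_id TEXT, full_name TEXT)")
    db.execute("INSERT INTO members "
               "VALUES ('x', 'hash-placeholder', 'u1', 'Sample User')")
    db.commit()
    return db

def table_exists(db, name="members"):
    row = db.execute("SELECT 1 FROM sqlite_master "
                     "WHERE type = 'table' AND name = ?", (name,)).fetchone()
    return row is not None

def lookup_concatenated(db, email):
    """Insecure pattern: the input becomes part of the SQL text itself."""
    sql = ("SELECT email, passwd, login_id, full_name FROM members "
           "WHERE email = '" + email + "'")
    db.executescript(sql)  # runs every statement found in the string
    return sql

def lookup_parameterized(db, email):
    """Hardened pattern: the input is bound as data, never parsed as SQL."""
    sql = ("SELECT email, passwd, login_id, full_name FROM members "
           "WHERE email = ?")
    return db.execute(sql, (email,)).fetchall()

# Constructed input: it closes the string literal so that the statement
# shown in the post is what the database ends up parsing.
HOSTILE = "x'; DROP TABLE members; --"

def demo():
    results = {}
    db = make_db()
    lookup_concatenated(db, HOSTILE)
    results["concatenated_table_survives"] = table_exists(db)

    db = make_db()
    results["parameterized_rows"] = lookup_parameterized(db, HOSTILE)
    results["parameterized_table_survives"] = table_exists(db)
    results["normal_rows"] = lookup_parameterized(db, "x")
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

With the bound parameter the whole input is compared against the email column as one string, so it matches no row and the table is untouched.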
