Solved

sql injection

Posted on 2010-08-20
526 Views
Last Modified: 2012-05-10
Hi,

I have heard many times about sql injection. Can anyone help me, what is sql injection and practically how it is done?

Thank you
Question by:mkk39
4 Comments
 
LVL 28

Expert Comment

by:sammySeltzer
ID: 33486162
LVL 28

Expert Comment

by:sammySeltzer
ID: 33486228
LVL 59

Expert Comment

by:Kevin Cross
ID: 33488129
Aside from the links already given, SQL injection is typically when you have a SQL statement executed from another piece of code like a web application that doesn't guard against the 'injection' of other T-SQL that is usually malicious in nature.

For example, a bad practice for checking user passwords on logon would be:

select * from users where username = 'john' and password = 'smith'

Aside from the other reasons this is bad, imagine if instead of smith I passed this as my password:

smith' or '1'='1

Or better shown:

select * from users where username = 'john' and password = 'smith' or '1'='1'

gr8gonzo here at EE did a nice job of explaining that and some other security items here:

5-Steps-to-Securing-Your-Web-Application
http://www.experts-exchange.com/A_1263.html

Hope that helps.
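Worked example added here to illustrate the comment above; it is not code from the thread or from any of the posters. It builds a small in-memory SQLite database with constructed sample users (the names and passwords are made up), runs the concatenated login query exactly as shown in the comment, and then runs the same check with bound parameters so the difference is visible on the injected password string "smith' or '1'='1". The function names and the sample data are assumptions for this illustration.

```python
import sqlite3

# The injected "password" from the comment above.
INJECTED_PASSWORD = "smith' or '1'='1"


def make_db():
    """Constructed sample data: an in-memory users table with two accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("john", "smith"), ("alice", "correct horse")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """The bad practice: user input is pasted into the SQL text.

    A quote in the password ends the string literal, and whatever follows
    becomes part of the WHERE clause. Because AND binds tighter than OR,
    the resulting condition is (username = ... AND password = 'smith')
    OR '1'='1', which is true for every row.
    Returns the usernames the query matched.
    """
    sql = (
        "select * from users where username = '" + username
        + "' and password = '" + password + "'"
    )
    rows = conn.execute(sql).fetchall()
    return [row[0] for row in rows]


def login_parameterized(conn, username, password):
    """The fix: the statement and the values travel separately.

    The driver binds the values to the ? placeholders, so a quote inside
    the password is compared as data and never changes the query's shape.
    Returns the usernames the query matched.
    """
    sql = "select * from users where username = ? and password = ?"
    rows = conn.execute(sql, (username, password)).fetchall()
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    # A user that does not exist, with the injected password: the
    # concatenated query still "logs in" and returns every account.
    print("vulnerable:", login_vulnerable(db, "nobody", INJECTED_PASSWORD))
    # The parameterized query matches nothing, as it should.
    print("parameterized:", login_parameterized(db, "nobody", INJECTED_PASSWORD))
    # Both versions still accept a genuine username/password pair.
    print("legit login:", login_parameterized(db, "john", "smith"))
```

Running the script shows the concatenated query returning both accounts for a username that does not exist, while the parameterized version returns an empty list. Bound parameters (or a prepared statement in T-SQL and other databases) are the standard fix for this class of bug; the comment's "other reasons this is bad", such as storing passwords in clear text, are a separate problem that parameterization does not address.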
LVL 5

Accepted Solution

by:
sindhuxyz earned 500 total points
ID: 33609861