Solved

SQL injection

Posted on 2010-08-20
Last Modified: 2012-05-10
Hi,

I have heard many times about SQL injection. Can anyone help me: what is SQL injection, and practically how is it done?

Thank you
Question by:mkk39
 
LVL 28

Expert Comment

by:sammySeltzer
ID: 33486162
0
 
LVL 28

Expert Comment

by:sammySeltzer
ID: 33486228
0
 
LVL 59

Expert Comment

by:Kevin Cross
ID: 33488129
Aside from the links already given, SQL injection is typically when you have a SQL statement executed from another piece of code like a web application that doesn't guard against the 'injection' of other T-SQL that is usually malicious in nature.

For example, a bad practice for checking user passwords on logon would be:

select * from users where username = 'john' and password = 'smith'

Aside from the other reasons this is bad, imagine if instead of smith I passed this as my password:

smith' or '1'='1

Or better shown:

select * from users where username = 'john' and password = 'smith' or '1'='1'

gr8gonzo here at EE did a nice job of explaining that and some other security items here:

5-Steps-to-Securing-Your-Web-Application
http://www.experts-exchange.com/A_1263.html

Hope that helps.
0
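The logon check from the comment above, as an added example that is not part of the original thread: the same query built by string concatenation next to a parameterized version. It assumes Python's built-in sqlite3 as a stand-in for SQL Server; the function names and the sample rows are hypothetical and constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data: an in-memory stand-in for the 'users' table.
    Plaintext passwords are kept only to mirror the query in the comment."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("john", "correct-horse"), ("alice", "hunter2")])
    return db

def login_concatenated(db, username, password):
    # Vulnerable: input is pasted into the SQL text, so a quote in the input
    # ends the string literal and whatever follows is parsed as SQL.
    sql = ("select * from users where username = '" + username +
           "' and password = '" + password + "'")
    return sql, db.execute(sql).fetchall()

def login_parameterized(db, username, password):
    # Hardened: placeholders fix the statement's structure before any value
    # is bound, so the input can only ever be compared as data.
    sql = "select * from users where username = ? and password = ?"
    return db.execute(sql, (username, password)).fetchall()

if __name__ == "__main__":
    db = make_db()
    crafted = "smith' or '1'='1"  # the input quoted in the comment above
    sql, rows = login_concatenated(db, "john", crafted)
    print(sql)
    # AND binds tighter than OR, so the trailing "or '1'='1'" makes the
    # WHERE clause true for every row in the table.
    print("concatenated:", rows)
    print("parameterized:", login_parameterized(db, "john", crafted))
    print("parameterized, real password:",
          login_parameterized(db, "john", "correct-horse"))
```

The same separation of statement and values is available in SQL Server client libraries through parameterized commands; only the placeholder syntax differs.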
 
LVL 5

Accepted Solution

by:
sindhuxyz earned 500 total points
ID: 33609861
0
