Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

sql injection

Posted on 2010-08-20
4
529 Views
Last Modified: 2012-05-10
Hi,

I have heard many times about sql injection. Can anyone help me, what is sql injection and practically how it is done?

Thank you
0
Comment
Question by:mkk39
  • 2
4 Comments
 
LVL 28

Expert Comment

by:sammySeltzer
ID: 33486162
0
 
LVL 28

Expert Comment

by:sammySeltzer
ID: 33486228
0
 
LVL 59

Expert Comment

by:Kevin Cross
ID: 33488129
Aside from the links already given, SQL injection is typically when you have a SQL statement executed from another piece of code like a web application that doesn't guard against the 'injection' of other T-SQL that is usually malicious in nature.

For example, a bad practice for checking user passwords on logon would be:

select * from users where username = 'john' and password = 'smith'

Aside from the other reasons this is bad, imagine if instead of smith I passed this as my password:

smith' or '1'='1

Or better shown:
select * from users where username = 'john' and password = 'smith' or '1'='1'

gr8gonzo here at EE did a nice job of explaining that and some other security items here:

5-Steps-to-Securing-Your-Web-Application
http://www.experts-exchange.com/A_1263.html

Hope that helps.
0
 
LVL 5

Accepted Solution

by:
sindhuxyz earned 500 total points
ID: 33609861
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Creating and Managing Databases with phpMyAdmin in cPanel.
When table data gets too large to manage or queries take too long to execute the solution is often to buy bigger hardware or assign more CPUs and memory resources to the machine to solve the problem. However, the best, cheapest and most effective so…
This video shows, step by step, how to configure Oracle Heterogeneous Services via the Generic Gateway Agent in order to make a connection from an Oracle session and access a remote SQL Server database table.
Using examples as well as descriptions, and references to Books Online, show the different Recovery Models available in SQL Server and explain, as well as show how full, differential and transaction log backups are performed

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question