Solved

sql injection

Posted on 2010-08-20
4
531 Views
Last Modified: 2012-05-10
Hi,

I have heard many times about sql injection. Can anyone help me, what is sql injection and practically how it is done?

Thank you
0
Comment
Question by:mkk39
  • 2
4 Comments
 
LVL 28

Expert Comment

by:sammySeltzer
ID: 33486162
0
 
LVL 28

Expert Comment

by:sammySeltzer
ID: 33486228
0
 
LVL 59

Expert Comment

by:Kevin Cross
ID: 33488129
Aside from the links already given, SQL injection is typically when you have a SQL statement executed from another piece of code like a web application that doesn't guard against the 'injection' of other T-SQL that is usually malicious in nature.

For example, a bad practice for checking user passwords on logon would be:

select * from users where username = 'john' and password = 'smith'

Aside from the other reasons this is bad, imagine if instead of smith I passed this as my password:

smith' or '1'='1

Or better shown:
select * from users where username = 'john' and password = 'smith' or '1'='1'

gr8gonzo here at EE did a nice job of explaining that and some other security items here:

5-Steps-to-Securing-Your-Web-Application
http://www.experts-exchange.com/A_1263.html

Hope that helps.
0
 
LVL 5

Accepted Solution

by:
sindhuxyz earned 500 total points
ID: 33609861
0

Featured Post

Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Slowly Changing Dimension Transformation component in data task flow is very useful for us to manage and control how data changes in SSIS.
In this article we will learn how to fix  “Cannot install SQL Server 2014 Service Pack 2: Unable to install windows installer msi file” error ?
Familiarize people with the process of utilizing SQL Server functions from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Microsoft Ac…
This video shows, step by step, how to configure Oracle Heterogeneous Services via the Generic Gateway Agent in order to make a connection from an Oracle session and access a remote SQL Server database table.

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question