Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

sql injection

Posted on 2010-08-20
4
Medium Priority
?
564 Views
Last Modified: 2012-05-10
Hi,

I have heard many times about sql injection. Can anyone help me, what is sql injection and practically how it is done?

Thank you
0
Comment
Question by:mkk39
  • 2
4 Comments
 
LVL 29

Expert Comment

by:sammySeltzer
ID: 33486162
0
 
LVL 29

Expert Comment

by:sammySeltzer
ID: 33486228
0
 
LVL 60

Expert Comment

by:Kevin Cross
ID: 33488129
Aside from the links already given, SQL injection is typically when you have a SQL statement executed from another piece of code like a web application that doesn't guard against the 'injection' of other T-SQL that is usually malicious in nature.

For example, a bad practice for checking user passwords on logon would be:

select * from users where username = 'john' and password = 'smith'

Aside from the other reasons this is bad, imagine if instead of smith I passed this as my password:

smith' or '1'='1

Or better shown:
select * from users where username = 'john' and password = 'smith' or '1'='1'

gr8gonzo here at EE did a nice job of explaining that and some other security items here:

5-Steps-to-Securing-Your-Web-Application
http://www.experts-exchange.com/A_1263.html

Hope that helps.
0
 
LVL 5

Accepted Solution

by:
sindhuxyz earned 2000 total points
ID: 33609861
0

Featured Post

NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It is possible to export the data of a SQL Table in SSMS and generate INSERT statements. It's neatly tucked away in the generate scripts option of a database.
Recursive SQL is one of the most fascinating and powerful and yet dangerous feature offered in many modern databases today using a Common Table Expression (CTE) first introduced in the ANSI SQL 99 standard. The first implementations of CTE began ap…
Viewers will learn how the fundamental information of how to create a table.
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question