Join the social network of Tech Nerds, increase skill rank, get work, manage projects...
 
Node is saved as draft in My Content >> Draft

  • SQL Injection

    @HIMANSHU
    Recommendations Offline Message

    • 0
    • 0
    • 0
    • 0
    • 0
    • 0
    • 0
    • 0
    • 24
    Comment on it

    A SQL Injection attack is an threat or data attack mechanism used by hackers to steal sensitive information from database.

    SQL Injection arises since the fields available for user input allow SQL statements to pass through and query the database directly.

    Ex:  Create table tbluser
(
 userName varchar(50) primary key,
 userpwd varchar(50),
 address varchar(100)
 )
insert into tbluser(userName,userpwd,address)values('mohan@gmail.com','123456','Delhi');
insert into tbluser(userName,userpwd,address)values('shailendra@gmail.com','123456','Noida');

    Now lets look at the following query string in Asp.net. In this we are passing username from TextBox "txtUserID" and userpwd from TextBox "txtpwd" to check user credential.

     "SELECT * FROM tbluser WHERE userName = '"+ txtUserID.text +"' and userpwd = '"+ txtPwd.text +"'";

    Now hacker will pass the following input to TextBoxes to inject sql attack. What will happen when the below data goes as input?

    "SELECT * FROM tbluser WHERE userName = ';Drop table tblusers --' and userpwd = '123'";
    SQL
    Comment on it

 0 Comment(s)

Sign In
Forgot Password?
                           OR                           
Create an account !!
                           OR                           
Register

Sign up using

                           OR                           
Forgot Password
Fill out the form below and instructions to reset your password will be emailed to you:
Reset Password
Fill out the form below and reset your password: