SQL Database Concepts Question:

Do you know what SQL Injection is?

Answer:

SQL Injection is an attack in which an attacker takes advantage of an insecure application on the internet by running SQL commands against its database to steal information from it, using nothing more than the website's GUI.
This attack can happen in applications in which SQL queries are generated in the code.
The attacker tries to inject their own SQL into the statement that the application will use to query the database.
For example, suppose the query string below is used for a search feature on a website, and a user has entered “Arpit” as the keyword to search. If the code-behind uses the keyword directly in the SQL statement, it will look like this:

String sql = "Select EmpName, City from EmployeeMaster where EmpName like '%" + txtSearch.Text + "%'";

But the attacker might enter a keyword like:
' UNION SELECT name, type, id from sysobjects;--

This way, the attacker can get details of all the objects in the application database and use them to steal further information.
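
The difference between building the statement by concatenation and binding the keyword as a parameter, as an added example that is not part of the original answer. It uses Python's built-in sqlite3 module instead of the C# and SQL Server setup the answer implies; the sample rows and the function names are constructed for illustration.

```python
import sqlite3

# The keyword quoted in the answer above, used here only as test input.
PAGE_INPUT = "' UNION SELECT name, type, id from sysobjects;--"

def make_db():
    # Constructed sample data standing in for the EmployeeMaster table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE EmployeeMaster (EmpName TEXT, City TEXT)")
    conn.executemany(
        "INSERT INTO EmployeeMaster VALUES (?, ?)",
        [("Arpit", "Pune"), ("Meera", "Delhi"), ("O'Brien", "Cork")],
    )
    return conn

def search_concat(conn, keyword):
    # Same pattern as the answer's snippet: the input becomes part of the SQL text.
    sql = ("Select EmpName, City from EmployeeMaster "
           "where EmpName like '%" + keyword + "%'")
    return conn.execute(sql).fetchall()

def search_param(conn, keyword):
    # The statement text is fixed; the keyword is bound as data and never parsed as SQL.
    sql = ("Select EmpName, City from EmployeeMaster "
           "where EmpName like '%' || ? || '%'")
    return conn.execute(sql, (keyword,)).fetchall()

def outcome(fn, conn, keyword):
    # A SQL error caused by user input means the input reached the SQL parser.
    try:
        return ("rows", fn(conn, keyword))
    except sqlite3.Error as exc:
        return ("sql_error", type(exc).__name__)

if __name__ == "__main__":
    conn = make_db()
    for kw in ("Arpit", "O'Brien", PAGE_INPUT):
        print(repr(kw))
        print("  concatenated: ", outcome(search_concat, conn, kw))
        print("  parameterized:", outcome(search_param, conn, kw))
```

With concatenation, even the legitimate name O'Brien breaks the statement, and the keyword from the answer is handed to the SQL parser (SQLite rejects it because it has no sysobjects table). With a bound parameter, both are plain search strings.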
