SQL Injection:
SQL injection is a code injection technique used by malicious users to attack data-driven applications (web applications as well as desktop applications). Malicious SQL is typed into an entry field and gets executed because the application builds its dynamic SQL statements by concatenating strings, so the input becomes part of the statement itself.
SQL injection can exploit a security vulnerability in any application, for example when user inputs are not strongly typed, or when input from the end user is not filtered for string-literal escape characters before it is embedded in an SQL statement.
A malicious user can delete any record from the database, drop a table, or even drop the entire database.
For example, consider the following SQL statement:
Select * from users
The above SQL statement selects all the records from the users table. Now suppose the application looks a user up by concatenating the text typed into a username box into a statement of the form
Select * from users where username='<text from the box>'
If the user types the following into the box
'; Delete from users--
the statement sent to SQL Server becomes
Select * from users where username=''; Delete from users--'
and all the records in the users table are deleted. The input has turned one statement into a batch of two: the first, Select * from users where username='', selects nothing, and the second, Delete from users, deletes every record in the users table. The closing quote the application appends is harmless because -- starts a comment in T-SQL, so everything after it is ignored. SQL Server executes such a batch of statements by default, which is why this stacked-query injection works against it.
Ways to avoid SQL injection:
Using parameterised queries
Using stored procedures (called with parameters; a stored procedure that builds dynamic SQL internally from its arguments is still vulnerable).
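The following VB.Net module is an added example and not code from the original post. It shows the concatenated query from the injection example above next to the two remedies from the list: a parameterized SqlCommand and a stored procedure call. It assumes a SQL Server table dbo.Users(UserId INT, UserName NVARCHAR(50)), a stored procedure dbo.usp_GetUserByName with one @UserName parameter (its definition is in a comment), and a placeholder connection string; all of these are assumptions for the example.

```vbnet
' Added example (not code from the original post): the concatenated query the
' post describes next to its parameterized and stored-procedure replacements.
' Assumed schema: dbo.Users(UserId INT, UserName NVARCHAR(50)).
' Assumed stored procedure for GetUserByNameViaProc:
'   CREATE PROCEDURE dbo.usp_GetUserByName @UserName NVARCHAR(50) AS
'   SELECT UserId, UserName FROM dbo.Users WHERE UserName = @UserName;
' The connection string is a placeholder; substitute your own.
Imports System.Data
Imports System.Data.SqlClient

Module SqlInjectionDemo

    Private Const ConnectionString As String =
        "Server=.\SQLEXPRESS;Database=SampleDb;Integrated Security=True"

    ' BEFORE: dynamic SQL built by string concatenation. With the input
    '   '; Delete from users--
    ' the text handed to SQL Server is
    '   Select * from users where UserName=''; Delete from users--'
    ' SqlClient sends the whole string as one batch, so SQL Server runs both
    ' statements, and the trailing -- comments out the closing quote.
    Public Function BuildVulnerableQuery(userName As String) As String
        Return "Select * from users where UserName='" & userName & "'"
    End Function

    ' AFTER (1): parameterized query. The SQL text is fixed; the user's input
    ' travels separately as a typed value and is never parsed as SQL.
    Public Function GetUserByNameParameterized(userName As String) As DataTable
        Dim result As New DataTable()
        Using conn As New SqlConnection(ConnectionString)
            Using cmd As New SqlCommand(
                    "SELECT UserId, UserName FROM dbo.Users WHERE UserName = @UserName", conn)
                ' Declaring type and length to match the column avoids implicit
                ' conversions on the server and pins the parameter's meaning.
                cmd.Parameters.Add("@UserName", SqlDbType.NVarChar, 50).Value = userName
                conn.Open()
                Using reader As SqlDataReader = cmd.ExecuteReader()
                    result.Load(reader)
                End Using
            End Using
        End Using
        Return result
    End Function

    ' AFTER (2): stored procedure. CommandType.StoredProcedure makes SqlClient
    ' issue an RPC call with @UserName bound as a parameter, so the input is
    ' never concatenated into a statement on the client side.
    Public Function GetUserByNameViaProc(userName As String) As DataTable
        Dim result As New DataTable()
        Using conn As New SqlConnection(ConnectionString)
            Using cmd As New SqlCommand("dbo.usp_GetUserByName", conn)
                cmd.CommandType = CommandType.StoredProcedure
                cmd.Parameters.Add("@UserName", SqlDbType.NVarChar, 50).Value = userName
                conn.Open()
                Using reader As SqlDataReader = cmd.ExecuteReader()
                    result.Load(reader)
                End Using
            End Using
        End Using
        Return result
    End Function

    Sub Main()
        ' Constructed attack input, identical to the payload discussed in the post.
        Dim payload As String = "'; Delete from users--"
        Console.WriteLine("Concatenated SQL: " & BuildVulnerableQuery(payload))
        ' Both safe versions treat the payload as a literal user name: they
        ' return zero rows and delete nothing.
        Console.WriteLine("Parameterized rows: " & GetUserByNameParameterized(payload).Rows.Count)
        Console.WriteLine("Stored proc rows:   " & GetUserByNameViaProc(payload).Rows.Count)
    End Sub

End Module
```

BuildVulnerableQuery is kept only to show what the concatenated text looks like; it is never executed here. The stored-procedure variant is only as safe as the procedure body: if usp_GetUserByName were to build its own string and run it with EXEC, the parameter would be concatenated on the server instead and the injection would come back.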
In this video we discuss what an SQL injection attack is and the ways to avoid it in VB.Net and SQL Server. We perform an SQL injection against our VB.Net application and then fix the problem using a parameterized query and a stored procedure.