hi, friends
I want to know about sql injection So, please help me
Thanks!
+3
A:
Lots of information about SQL Injection on wikipedia, and xkcd has a very good example as well.
In general, if your application is using a SQL database, a SQL Injection attack is an attempt to use your program to pass dangerous values to the SQL database.
The best preventative measures are to never construct SQL strings without cleaning them up - the best way to do this is to use parameterized queries and widely used data access libraries.
Oded
2010-05-14 09:10:32
A:
It is the technique to manipulate the input to control your sql. Read more here is better for you Attacks by Example
vodkhang
2010-05-14 09:10:32
http://www.sommarskog.se/dynamic_sql.htmlalso has some good advice
HLGEM
2010-05-14 15:22:42
+2
A:
Start here: google "sql injection".
You will see that there is plenty to read about it.
If you want to protect yourself against sql injection, you have to be a bit more specific, as the exact methods differ depending on the database and on the platform using the database.
Guffa
2010-05-14 09:12:39
A:
Couple of places to get started:
- OWASP: Lots of principals on secure web app design. Check the first entry of the Top 10 on injection
- Injection for .NET developers: Details on what it is and how to protect against it if you're working with .NET.
Troy Hunt
2010-05-17 01:03:23
A:
It allow a attacker to tamper with existing data, destroy the data or make it otherwise unavailable, and in short become administrators of the database server...
This attack involves injecting SQL commands in the query input thus effecting predefined SQL commands exection.
KZoal
2010-05-17 02:11:53