What is SQL Injection

I want to know about SQL injection.
So please help me.

+2




5 answers


There is lots of information about SQL injection on Wikipedia, and xkcd has a very good example.

In general, if your application uses a SQL database, a SQL Injection attack is an attempt to use your program to pass dangerous values to the SQL database.



The best preventative measure is to never create SQL rows without cleaning them up - the best way to do this is by using parameterized queries and widely used data access libraries.

+3




Start here: google "sql injection".

You will see that there are many opportunities to read about this.



If you want to protect yourself from SQL injection, you need to be more specific, as the exact methods differ depending on the database and the platform using the database.

+2




It is an input manipulation technique to manipulate your SQL. More details here would be better for you: Attacks by example

Wiki

0




Several places to get started:

  • OWASP: A set of principles for building a secure web application. Check the first Top 10 entry on injection.
  • .NET developer injection. Details on what it is and how to protect against it if you work with .NET.

0




This allows an attacker to manipulate existing data, destroy data or make it otherwise inaccessible and shortly become database server administrators ...

This attack involves injecting SQL commands into the input of a query, which results in pre-defined SQL commands being emitted.

0

