Go4Expert

Go4Expert (http://www.go4expert.com/)
-   Ethical hacking (http://www.go4expert.com/forums/ethical-hacking-forum/)
-   -   What is sql Injection is? (http://www.go4expert.com/forums/sql-injection-t1136/)

ocena 7Aug2006 14:57

What is SQL injection?
 
What is SQL injection? What does it do, and how does it work?

shabbir 7Aug2006 16:48

Re: What is SQL injection?
 
SQL injection is a security vulnerability that occurs in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed.

This results in the potential manipulation of the statements performed on the database by the end user of the application.

Say you have an SQL statement for retrieving user information, built as below:
Code: SQL

"SELECT * FROM users WHERE name = '" + userName + "';"

Now, instead of userName being a valid one, it comes up as something like
a';DROP TABLE users;
then the SQL becomes
Code: SQL

SELECT * FROM users WHERE name = 'a';DROP TABLE users;

This will delete the users table on the MySQL database.
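To make the mechanism in the reply above concrete, here is a runnable demonstration I am adding to this thread (it is not code from the original post): the same string-concatenated query, run through a driver that executes one statement at a time and through one that executes every statement in the string, next to the parameterised form that is immune to both payloads. It uses Python's built-in sqlite3 module with an in-memory database and a small constructed users table, so the names, the helper functions and the sample rows are my assumptions, not anything from the forum. The stacked payload ends with `SELECT '` rather than the post's bare `a';DROP TABLE users;`, because the original query appends a closing quote and semicolon after the input; without balancing that quote the last fragment is an unterminated string and the database rejects it (a trailing `--` comment is the other common way to deal with it).

```python
import sqlite3

# Constructed sample data (not from the original post).
SEED_USERS = [("alice",), ("bob",), ("carol",)]

# Payloads used in the demo. The second balances the trailing quote that the
# vulnerable query appends, so every statement in the resulting string parses.
TAUTOLOGY_PAYLOAD = "x' OR '1'='1"
STACKED_PAYLOAD = "a'; DROP TABLE users; SELECT '"


def fresh_db():
    """Create an in-memory SQLite database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", SEED_USERS)
    conn.commit()
    return conn


def table_exists(conn, table):
    """True if a table of that name exists in the database."""
    row = conn.execute(
        "SELECT count(*) FROM sqlite_master WHERE type = 'table' AND name = ?",
        (table,),
    ).fetchone()
    return row[0] == 1


def build_vulnerable_sql(user_name):
    """String concatenation as in the post: the input becomes part of the SQL text."""
    return "SELECT * FROM users WHERE name = '" + user_name + "';"


def lookup_single_statement(conn, user_name):
    """Vulnerable lookup through a single-statement API (sqlite3 execute()).

    A stacked ';DROP TABLE' payload is refused by the driver here, but a
    payload that stays inside one statement still rewrites the WHERE clause.
    """
    return conn.execute(build_vulnerable_sql(user_name)).fetchall()


def lookup_multi_statement(conn, user_name):
    """Vulnerable lookup through an API that runs every statement in the string
    (sqlite3 executescript()), the behaviour the post's DROP TABLE example relies on."""
    conn.executescript(build_vulnerable_sql(user_name))


def lookup_safe(conn, user_name):
    """Parameterised query: the value is bound separately from the SQL text, so
    quotes and semicolons in it are never parsed as SQL."""
    return conn.execute("SELECT * FROM users WHERE name = ?", (user_name,)).fetchall()


def demo():
    """Run each payload against each lookup and report what happened."""
    results = {}

    # 1. Tautology payload: a single statement whose WHERE clause is now always true.
    conn = fresh_db()
    results["tautology_rows"] = len(lookup_single_statement(conn, TAUTOLOGY_PAYLOAD))

    # 2. Stacked payload through the single-statement API: the driver refuses to
    #    run more than one statement (sqlite3.Warning on older Pythons,
    #    ProgrammingError on newer ones), so the table survives.
    conn = fresh_db()
    try:
        lookup_single_statement(conn, STACKED_PAYLOAD)
        results["stacked_single_rejected"] = False
    except (sqlite3.Warning, sqlite3.ProgrammingError):
        results["stacked_single_rejected"] = True
    results["table_after_stacked_single"] = table_exists(conn, "users")

    # 3. Stacked payload through the multi-statement API: the DROP TABLE runs.
    conn = fresh_db()
    lookup_multi_statement(conn, STACKED_PAYLOAD)
    results["table_after_stacked_multi"] = table_exists(conn, "users")

    # 4. Both payloads against the parameterised query: treated as literal names,
    #    match nothing, and change nothing.
    conn = fresh_db()
    results["safe_tautology_rows"] = len(lookup_safe(conn, TAUTOLOGY_PAYLOAD))
    results["safe_stacked_rows"] = len(lookup_safe(conn, STACKED_PAYLOAD))
    results["safe_bob_rows"] = len(lookup_safe(conn, "bob"))
    results["table_after_safe"] = table_exists(conn, "users")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The split between the two vulnerable lookups matters in practice: whether the DROP TABLE in the reply actually executes depends on the database API, not only on the concatenation. Many classic interfaces (PHP's old mysql_query, Python's sqlite3 execute()) send one statement per call, which blocks the stacked form but does nothing against a payload that rewrites the single statement, such as the `' OR '1'='1` tautology. Parameterised queries close both routes, because the input is never part of the SQL the parser sees.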

ocena 8Aug2006 05:37

Re: What is SQL injection?
 
Okay, thanks for the info.

