sabithagopi

 Profile Answers by sabithagopi 

• Jan 22nd, 2007

 

SQL injection is a security vulnerability that occurs in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed.

sabithagopi

 Profile Answers by sabithagopi 

• Jan 23rd, 2007

 

SQL Injection happens when a developer accepts user input that is directly placed into a SQL Statementand doesn't properly filter out dangerous characters. This can allow an attacker to not only stealdata from your database, but also modify and delete it.

Lakshaman

• Jan 24th, 2007

 

An exampleWe accept user and password and validate likeselect 1 from users where username = 'username' and password = 'pwd';What if username string is passed like [x' or 1=1; --]select 1 from users where username = 'x' or 1=1; --' and password = 'pwd';