SQL injection contains some dynamic statements which can be passed into the SQL error-affected area and retrieve the desired results from the database.
Dynamic SQL statements by passing required variables at runtime and receiving the results in local structures to make use of the retrieved info in the programs. Thanks.
SQL injection is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).
Thank you for the invitation.
It refers to an injection attack wherein an attacker can execute malicious SQL statements (also commonly referred to as a malicious payload) that control a web application’s database server (also commonly referred to as a Relational Database Management System – RDBMS). Since an SQL Injection vulnerability could possibly affect any website or web application that makes use of an SQL-based database, the vulnerability is one of the oldest, most prevalent and most dangerous of web application vulnerabilities.
SQL injection is a very dangerous thing. It may destroy your application and database. In other words, it is a type of error or bug to insert into your application and try to hack it.
SQL Injection is a type of SQL attack in which an SQL command is entered into a system using an input field on a web page. These SQL commands are meant to harm the system. It is usually advised to analyze the user input before saving it in the database, just to make sure there's no malicious bit of code in it.
Check this link for more details about SQL Injection
SQL Injection is a type of inserting too much data in a database, so that it will become so slow that others' requests may be pending and delayed by the database administrator.
SQL Injection:
SQL injection is a type of security exploit in which the attacker adds Structured Query Language (SQL) code to a Web form input box to gain access to resources or make changes to data. An SQL query is a request for some action to be performed on a database. Typically, on a Web form for user authentication, when a user enters their name and password into the text boxes provided for them, those values are inserted into a SELECT query. If the values entered are found as expected, the user is allowed access; if they aren't found, access is denied. However, most Web forms have no mechanisms in place to block input other than names and passwords. Unless such precautions are taken, an attacker can use the input boxes to send their own request to the database, which could allow them to download the entire database or interact with it in other illicit ways.
I can also suggest a link:
http://stackoverflow.com/questions/601300/what-is-sql-injection