Communiquez avec les autres et partagez vos connaissances professionnelles

Inscrivez-vous ou connectez-vous pour rejoindre votre communauté professionnelle.

Suivre

What is SQL injection?

user-image
Question ajoutée par Imran Zabih , Lead Software Engineer , Freelance
Date de publication: 2017/01/12
Haroon Ahmad Dar
par Haroon Ahmad Dar , web developer , Swenggco Software

SQL injection contains some dynamic statements which can be pass into SQL error effected area and retrieve the desired results from database.

Gayasuddin Mohammed
par Gayasuddin Mohammed , Advocate , Practicing Law before High Court at Hyderabad

Dynamic sql statements by passing required variables runtime and receiving the results in local structures to make use of the retrieved info in the programs. Thanks.

Zoraiz Ali
par Zoraiz Ali , Lectureship , College

SQL injection is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).

antonios awadallah
par antonios awadallah , HRMS Application Consultant , HITS Technologies

thank you for the invitation

It refers to an injection attack wherein an attacker can execute malicious SQL statements (also commonly referred to as a malicious payload) that control a web application’s database server (also commonly referred to as a Relational Database Management System – RDBMS). Since an SQL Injection vulnerability could possibly affect any website or web application that makes use of an SQL-based database, the vulnerability is one of the oldest, most prevalent and most dangerous of web application vulnerabilities.

shakeel mir
par shakeel mir , Senior Software Developer , Rawat-Al-Makan

SQL injection is very dangerous thing. It may be destroy your application and database. In other word its type of error or bug to insert your application and try to hack it.

Syed Sohaib Ahmed
par Syed Sohaib Ahmed , D365 FO Developer , Airswift

SQL Injection is a type of SQL attack in which an SQL command is entered into a system using input field on a web page. These SQL commands are meant to harm the system. It is usually advised to analyze the user input before saving it in the database, just to make sure there's no malicious bit of code in it.

Check this link for more details about SQL Injection

Utilisateur supprimé
par Utilisateur supprimé

SQL injection is a technique where malicious users (like hackers) can inject SQL commands into an SQL statement, via web page input. These injected SQL commands can alter SQL statement and compromise the security of a web application.

Muhammad Nauman
par Muhammad Nauman , Salima Garments & Tailoring Company , Salima Garments & Tailoring Company LLC

SQL Injection is type of inserting too much data in a database, that it will become too slow that others request may be pending and delayed by the database administrator.

Ziauddin Zia
par Ziauddin Zia , Software Engineer , Asia Poultry Feeds (Pvt) Ltd

SQL Injection:

SQL injection is a type of security exploit in which the attacker adds Structured Query Language (SQL) code to a Web form input box to gain access to resources or make changes to data. An SQL query is a request for some action to be performed on a database. Typically, on a Web form for user authentication, when a user enters their name and password into the text boxes provided for them, those values are inserted into a SELECT query. If the values entered are found as expected, the user is allowed access; if they aren't found, access is denied. However, most Web forms have no mechanisms in place to block input other than names and passwords. Unless such precautions are taken, an attacker can use the input boxes to send their own request to the database, which could allow them to download the entire database or interact with it in other illicit ways.

I can also suggest a link:

http://stackoverflow.com/questions/601300/what-is-sql-injection

More Questions Like This