A variation on a script exploit is one that causes malicious SQL statements to be executed. This can occur if an application prompts users for information and then concatenates the user's input into a string representing the SQL statement. For example, an application might prompt for a customer name with the intention of executing a statement, such as the following:
"Select * From Customers where CustomerName = " & txtCustomerName.Value
But a malicious user who knows something about the database could use the text box to enter an embedded SQL statement with the customer name, resulting in a statement like the following:
Select * From Customers Where CustomerName = 'a' Delete From Customers Where CustomerName > ''
Now when the above query is executed, it will delete all the customers records from the DB.
Protection
To protect against SQL statement exploits, never create SQL queries using string concatenation. Instead, use a parameterized query and assign user input to parameter objects.
skip to main (ir a principal) |
skip to sidebar (ir al sidebar)
Coding articles on developing applications using various software development languages, frameworks, tools and technologies such as c#, javascript, asp.net, typescript, python, angular, reactjs and many more.
SEARCH
LATEST
3-latest-65px
POPULAR-desc:Trending now:
-
This is error occurs when you have installed IIS after installing Microsoft Visual Studio. So to overcome this error you can either run aspn...
-
Reason: This error occurs partily due to the new memory management feature added in the asp.net2.0 therefore you may wonder same code after ...
-
Sometime you may encounter below mentioned error when you try to access web service in your .net application. Possible SOAP version mismatch...
SECCIONS
- .Net Core (1)
- C# (1)
- Entity Framework (1)
- SQL Server (1)
Copyright © 2019
Sanjay Saini's Tech World with Coding Articles for Geeks.
No comments:
Post a Comment