Question:
What's an SQL injection?
Answer:
SQL Injection is when form data contains an SQL escape sequence and injects a new SQL query to be run. Source: CoolInterview.com
SQL Injection is an attempt to inject malicious code (queries) into the Database Server, which is very harmful to the database.
For example, if a user wants to input some text into a database table's column, instead of passing only the data, he also includes some extra code like 'column_content_data;DROP TABLE Employees'.
In the above content ';' acts as an SQL query terminator, and hence DROP TABLE Employees becomes a totally new SQL command which will drop the table Employees. In this way the malicious act of damaging the database server is done.
This process of injecting malicious code into the Database Server is known as SQL Injection.
In order to avoid SQL Injection, pass on the required column data in the form of parameters prefixed with @. In this way the whole SQL query becomes parameterised and is treated as a single command. Hence any invalid command (query) will not be executed by the server.
Answered by: Krishna Kant Tiwari | Date: 11/16/2009
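Worked example of the answer above (added here; not part of the original answers or of CoolInterview.com). It uses Python's built-in sqlite3 module with an in-memory database that the example itself creates, so it runs offline. The `Employees` table, the `column_content_data` text and the stacked `DROP TABLE Employees` come from the answer; the payload is extended with a closing quote, a closing parenthesis and a `--` comment so that it actually parses inside the quoted INSERT, and the vulnerable function uses `executescript` to stand in for drivers that execute several `;`-separated statements in one call. The parameterised version uses sqlite's `:name` placeholder, which plays the same role as the `@name` parameters the answer recommends.

```python
import sqlite3

# Constructed attacker input. Inside the quoted INSERT below it closes the
# string and the VALUES list, terminates the statement with ';', appends a
# second statement, and comments out whatever the template adds afterwards.
PAYLOAD = "column_content_data', 0); DROP TABLE Employees; --"


def setup_db() -> sqlite3.Connection:
    """Create a fresh in-memory database with a small Employees table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE Employees (id INTEGER PRIMARY KEY, name TEXT, salary INTEGER);
        INSERT INTO Employees (name, salary) VALUES ('alice', 100), ('bob', 200);
        """
    )
    return conn


def table_exists(conn: sqlite3.Connection, name: str) -> bool:
    """Check the catalogue so we can observe whether DROP TABLE ran."""
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (name,)
    ).fetchone()
    return row is not None


def employee_names(conn: sqlite3.Connection) -> list:
    return [r[0] for r in conn.execute("SELECT name FROM Employees ORDER BY id")]


def insert_vulnerable(conn: sqlite3.Connection, name: str) -> None:
    """VULNERABLE: user data is concatenated into the SQL text.

    executescript() runs every statement in the string, which models a driver
    or server that accepts stacked queries. The ';' in the payload therefore
    ends the INSERT and the attacker's DROP TABLE runs as a second command.
    """
    sql = "INSERT INTO Employees (name, salary) VALUES ('" + name + "', 0);"
    conn.executescript(sql)


def insert_safe(conn: sqlite3.Connection, name: str) -> None:
    """SAFE: the value travels as a bound parameter, never as SQL text.

    The statement is parsed once with a placeholder, so the whole payload is
    stored as an ordinary string and cannot introduce a second command.
    """
    conn.execute(
        "INSERT INTO Employees (name, salary) VALUES (:name, 0)", {"name": name}
    )
    conn.commit()


if __name__ == "__main__":
    vuln = setup_db()
    insert_vulnerable(vuln, PAYLOAD)
    print("after vulnerable insert, Employees exists:", table_exists(vuln, "Employees"))

    safe = setup_db()
    insert_safe(safe, PAYLOAD)
    print("after parameterised insert, Employees exists:", table_exists(safe, "Employees"))
    print("rows:", employee_names(safe))
```

Running the script shows the table disappearing after the concatenated insert, while the parameterised insert leaves the table intact and simply stores the payload text as a third employee name. Note that a driver which refuses stacked statements (plain `sqlite3.execute` does) only blocks this particular payload; single-statement injections such as tampering with a WHERE clause still work against concatenated SQL, so parameterisation rather than statement counting is the fix.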