+ 16

How does sql injection works???

Sql coding

11th Mar 2019, 9:34 AM
felix Kiprop
felix Kiprop - avatar
4 Respuestas
+ 19
It works with badly written SQL. Basically an SQL statement as part of the input query gets processed because of a bunch of ""s. For example, "SELECT * FROM mytable WHERE name={name}" A carefully selected name can turn this to: "... name=[0;DROP mytable]"
11th Mar 2019, 11:20 AM
👑 Prometheus 🇸🇬
👑 Prometheus 🇸🇬 - avatar
+ 19
It is possible only in badly written databases When you type ' at the ending of a URL and if a error occurs then it is vulnerable Later a hacker add ' 1 or 1==1 in the ending This will produce every column in database because even if the code is wrong the second statement assigned as ,or ,will run and result would be true always
12th Mar 2019, 9:30 AM
UTSURO
UTSURO - avatar
+ 3
Which language is better for creating an online test on website, just like it used to be in competitive exams of Railway, Bank, SSC etc. ?
12th Mar 2019, 5:28 AM
Ashish Vaish
Ashish Vaish - avatar
- 13
It works with badly written SQL. Basically an SQL statement as part of the input query gets processed because of a bunch of ""s. For example, "SELECT * FROM mytable WHERE name={name}" A carefully selected name can turn this to: "... name=[0;DROP mytable]"
11th Mar 2019, 5:33 PM
Catherine Viana
Catherine Viana - avatar