+ 16
How does sql injection works???
Sql coding
4 odpowiedzi
+ 19
It works with badly written SQL.
Basically an SQL statement as part of the input query gets processed because of a bunch of ""s. For example,
"SELECT * FROM mytable WHERE name={name}"
A carefully selected name can turn this to:
"... name=[0;DROP mytable]"
+ 19
It is possible only in badly written databases
When you type ' at the ending of a URL and if a error occurs then it is vulnerable
Later a hacker add ' 1 or 1==1 in the ending
This will produce every column in database because even if the code is wrong the second statement assigned as ,or ,will run and result would be true always
+ 3
Which language is better for creating an online test on website, just like it used to be in competitive exams of Railway, Bank, SSC etc. ?
- 13
It works with badly written SQL.
Basically an SQL statement as part of the input query gets processed because of a bunch of ""s. For example,
"SELECT * FROM mytable WHERE name={name}"
A carefully selected name can turn this to:
"... name=[0;DROP mytable]"