This is one of the SQL Server interview questions that interviewers ask
most often.
SQL injection is a form of attack on a database-driven web site in which the
attacker executes unauthorized SQL commands by taking advantage of insecure code
on a system connected to the Internet, bypassing the firewall. SQL injection
attacks are used to steal information from a database that would not normally
be available, and/or to gain access to an organization's host computers through
the computer that is hosting the database.
SQL injection attacks are typically easy to avoid by ensuring that a system has
strong input validation.
As the name suggests, we inject SQL that can be dangerous for the
database. For example, take this simple SQL statement:
SELECT email, passwd, login_id, full_name FROM members WHERE email = 'x'
Now suppose somebody does not enter “x” as the input but enters “x ; DROP TABLE members;”. The actual SQL that will execute is:
SELECT email, passwd, login_id, full_name FROM members WHERE email = 'x'; DROP TABLE members;
Think about what will happen to your database.
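As an added example (not part of the original post), the T-SQL below builds the query above by string concatenation, then shows an input check and a parameterized call that treat the same input as data only. The temp table `#members`, its rows, the `@input` value and the allow-list pattern are constructed for illustration.

```sql
-- Added example: #members, its rows and @input are constructed sample data.
CREATE TABLE #members (
    email     nvarchar(256) NOT NULL,
    passwd    nvarchar(128) NOT NULL,
    login_id  int           NOT NULL,
    full_name nvarchar(128) NOT NULL
);
INSERT INTO #members (email, passwd, login_id, full_name) VALUES
    (N'alice@example.com', N'<hash placeholder>', 1, N'Alice Example'),
    (N'bob@example.com',   N'<hash placeholder>', 2, N'Bob Example');

-- Value as it might arrive from a web form field.
DECLARE @input nvarchar(256) = N'x''; DROP TABLE #members; --';

-- VULNERABLE: the input is pasted into the statement text, so its quote
-- closes the string literal and the rest is parsed as a second statement.
DECLARE @unsafe nvarchar(max) =
    N'SELECT email, passwd, login_id, full_name FROM #members WHERE email = '''
    + @input + N'''';
PRINT @unsafe;   -- inspect the text only; EXEC (@unsafe) would run both statements

-- CHECK 1, input validation: reject anything outside an allow-list of
-- characters or without a basic local@domain.tld shape (assumed rule).
IF @input LIKE N'%[^a-zA-Z0-9@._+-]%' OR @input NOT LIKE N'%_@_%._%'
    PRINT N'rejected: input is not a plausible e-mail address';

-- CHECK 2, parameter binding: the statement text is fixed and the input is
-- passed as a typed parameter, so it is only ever compared as a value.
EXEC sp_executesql
    N'SELECT email, passwd, login_id, full_name FROM #members WHERE email = @email',
    N'@email nvarchar(256)',
    @email = @input;

-- The table and its rows are still there after the parameterized call.
SELECT COUNT(*) AS rows_still_present FROM #members;

DROP TABLE #members;
```

Validation narrows what reaches the query; parameter binding keeps the statement text fixed even for input that validation lets through.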