Home > DeveloperSection > Interviews > What is SQL Injection?

Posted on    March-28-2011 5:07 AM

 DB2 DB2 
 1 Answer(s)
  1087  View(s)
Rate this:

Amit Singh

Total Post:565

Posted on    March-28-2011 12:00 AM

The Test Data Inputs are
1) ' (Single quote)
2) '1'='1
3) we can pass the same i/p's as query in the form of SELECT * FROM users WHERE name = '' OR '1'='1';
(If the text field accepts that much characters)
4) statement = "SELECT * FROM users WHERE name = '" + userName + "';"

Before trying to pass those inputs as a security tester try to catch the Table Name and Attributes(fields) if so you can play with refined Data attributes and find out more Security issues by SQL Injection.

First try to catch in the order Database Name->Table Name->Attributes->Data Types

Don't want to miss updates? Please click the below button!

Follow MindStick