interview

home / developersection / interviews / what is sql injection?

Ask Question

What is SQL Injection?

Amit Singh 2178 28-Mar-2011
db2 db2 
Updated on 18-Sep-2020
Amit Singh

Other

Message
Can you answer this question?
Answer

1 Answers

Amit Singh

Amit Singh

28-Mar-2011
The Test Data Inputs are
1) ' (Single quote)
2) '1'='1
3) we can pass the same i/p's as query in the form of SELECT * FROM users WHERE name = '' OR '1'='1';
(If the text field accepts that much characters)
4) statement = "SELECT * FROM users WHERE name = '" + userName + "';"
Before trying to pass those inputs as a security tester try to catch the Table Name and Attributes(fields) if so you can play with refined Data attributes and find out more Security issues by SQL Injection.
First try to catch in the order Database Name->Table Name->Attributes->Data Types
advertising
advertising

Liked By

We use cookies to ensure you have the best browsing experience on our website. By using our site, you acknowledge that you have read and understood our Cookie Policy & Privacy Policy