Services
Technology Web App Development Mobile App Development Windows App Development Database Development UI/UX Development Cloud Development SEO Digital Marketing Guest Posting Content Writing Artificial Intelligence Data Science ERP Development CRM Development CMS Development LMS Development Business Listing Blockchain Technology Startup Promotion
Products
Data Converter Cleaner TUC - Unit Converter Import Export Survey Manager Tweet Controller
Developer
Article Blog Forum Interview Beginner News Startup Quiz
Users
Career
Apply Job Internship
Pricing
Login Sign Up Get a Quote

interview

home / developersection / interviews / what is sql injection?
Ask Question

What is SQL Injection?

Amit Singh 2210 28 Mar 2011
db2 db2
Updated 18 Sep 2020
Amit Singh
Amit Singh

Other

Message

1 Answers

Amit Singh
Amit Singh 28 Mar 2011
Report Abuse
The Test Data Inputs are
1) ' (Single quote)
2) '1'='1
3) we can pass the same i/p's as query in the form of SELECT * FROM users WHERE name = '' OR '1'='1';
(If the text field accepts that much characters)
4) statement = "SELECT * FROM users WHERE name = '" + userName + "';"
Before trying to pass those inputs as a security tester try to catch the Table Name and Attributes(fields) if so you can play with refined Data attributes and find out more Security issues by SQL Injection.
First try to catch in the order Database Name->Table Name->Attributes->Data Types
advertising