SQL Server interview questions: - Show us SQL injection in SQL Server?
- By Shiv Prasad Koirala in SQL
- Sep 23rd, 2011
- 5260
- 0
This is one of the most favorite SQL Server interview questions asked by the interviewer.
It is basically a Form of attack on a database-driven Web site in which the attacker executes unauthorized SQL commands by taking advantage of insecure code on a system connected to the Internet, bypassing the firewall. SQL injection attacks are used to steal information from a database from which the data would normally not be available and/or to gain access to an organization's host computers through the computer that is hosting the database.
SQL injection attacks typically are easy to avoid by ensuring that a system has strong input validation.
As name suggest we inject SQL which can be relatively dangerous for the database. Example this is a simple SQL
SELECT email, passwd, login_id, full_nameFROM membersWHERE email = 'x'
Now somebody does not put "x" as the input but puts "x ; DROP TABLE members;". So the actual SQL which will execute is:-
SELECT email, passwd, login_id, full_nameFROM membersWHERE email = ‘x'; DROP TABLE members;
Think what will happen to your database.
Here is our latest 20+ SQL Interview Questions and Answers video :-
Also see author's other blog on SQL server interview questions | Get more materials on Sql Server interview questions
Shiv Prasad Koirala
Visit us @ www.questpond.com or call us at 022-66752917... read more
- By Shiv Prasad Koirala
- Jun 21st, 2013
- 163240
- 0
.NET interview questions 6th edition (Sixth edition) - By Shivprasad Koirala
- By Shiv Prasad Koirala
- Dec 8th, 2016
- 88968
- 0
Exception Handling in C# using example step by step
- By Shiv Prasad Koirala
- Sep 7th, 2013
- 71872
- 0
