Monday, December 5, 2011

SQL Injection

SQL injection is an attack in which malicious code is inserted into strings that are later passed to the SQL server for parsing and execution.

EX :
-------
var ShipCity = Request.Form("ShipCity");
var SQL = "select * from Order where ShipCity = '" + ShipCity + "'";
exec(SQL);   // pseudocode: the concatenated string is sent to SQL Server as-is

If the user is prompted to enter a city name (like Delhi), then the query will be

[ select * from Order where Shipcity = 'Delhi' ]

Assume that an expert user enters the city name as
(Delhi';drop table order--)

In this case your query will be:

[ select * from Order where Shipcity = 'Delhi';drop table order--]

Note: -- starts a comment in SQL Server, so everything after it (including the closing quote the code appends) is ignored.

When this query is executed it will first select the rows matching the passed city name and then drop your table from the database.

This type of problem is called SQL injection.

Take care of it by:
---------------
1 - Remove all special characters from user input.
2 - Always use stored procedures (SP) instead of direct query strings (QRY).
3 - Avoid taking filter-condition data from free text boxes; use a dropdown wherever possible.
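The concatenated query from the post next to a parameterized version, as an added example that is not part of the original post. It uses Python's sqlite3 module and a constructed `orders` table in place of the post's SQL Server `Order` table; the vulnerable function only builds the string so the injected second statement is visible, while the hardened function binds the same payload as a plain value.

```python
import sqlite3

# Constructed sample schema (an assumption; the post's table is named Order on SQL Server).
SCHEMA = """
CREATE TABLE orders (id INTEGER PRIMARY KEY, ship_city TEXT);
INSERT INTO orders (ship_city) VALUES ('Delhi'), ('Mumbai');
"""

# The post's payload: the quote closes the literal, ';' starts a new statement, '--' comments out the rest.
PAYLOAD = "Delhi';drop table orders--"


def vulnerable_sql(ship_city: str) -> str:
    """The post's pattern: user text is glued into the SQL string, so it can change the statement."""
    return "select * from orders where ship_city = '" + ship_city + "'"


def find_orders(conn: sqlite3.Connection, ship_city: str) -> list:
    """Hardened pattern: the value is bound to a '?' placeholder and never parsed as SQL."""
    cur = conn.execute(
        "select id, ship_city from orders where ship_city = ?", (ship_city,)
    )
    return cur.fetchall()


def table_exists(conn: sqlite3.Connection, name: str) -> bool:
    row = conn.execute(
        "select name from sqlite_master where type = 'table' and name = ?", (name,)
    ).fetchone()
    return row is not None


def demo() -> dict:
    """Run both shapes against an in-memory database and report what happened."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    result = {
        # Only the text is built here; the string itself shows the injected second statement.
        "concatenated_text": vulnerable_sql(PAYLOAD),
        # With binding, the whole payload is compared as a city name: no match, no DROP.
        "bound_rows_for_payload": find_orders(conn, PAYLOAD),
        "bound_rows_for_delhi": find_orders(conn, "Delhi"),
        "orders_table_still_exists": table_exists(conn, "orders"),
    }
    conn.close()
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Stored procedures give the same protection only when they bind their arguments; a procedure that concatenates its inputs into dynamic SQL has the same defect as the concatenated string above.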
