An SQL injection attack consists of insertion or "injection" of an SQL query via the input data from the client to the application. Attackers potentially use SQL Injection to:

- Log into your application by bypassing the authentication.
- Gain access to your sensitive information in the database.
- Tamper with or destroy data.

There are two complementary and successful methods of mitigating SQL Injection attacks:

- Parameterized queries using bound, typed parameters.
- Careful use of parameterized stored procedures.

One common use of such queries is explained in the example below, written in .NET, which uses parameterized queries for the variables declared with an initial @. Parameterized queries also let you avoid the error caused by an apostrophe (') in a variable when you are updating a table: if you have a value like O'Connor, your app will throw an error, which can be avoided by the use of a parameterized query. It is one of the best ways to avoid h...
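The following is an added C# example (not the blog's own code) showing the concatenated UPDATE that breaks on O'Connor beside its parameterized form, plus a parameterized login lookup. It assumes a SQL Server `Customers(LastName, Email)` table, a `Users(UserName, PasswordHash)` table and a placeholder connection string; the `Microsoft.Data.SqlClient` package supplies `SqlConnection` and `SqlCommand`.

```csharp
using System.Data;
using Microsoft.Data.SqlClient;

// Assumed schema (placeholder): Customers(LastName NVARCHAR(100), Email NVARCHAR(200))
//                               Users(UserName NVARCHAR(100), PasswordHash NVARCHAR(128))
public static class CustomerRepository
{
    // UNSAFE: the value is pasted into the SQL text. A last name such as
    // O'Connor closes the string literal early and the command fails, and
    // any other input is interpreted as part of the query rather than as data.
    public static int UpdateEmailUnsafe(string connectionString, string lastName, string email)
    {
        string sql = "UPDATE Customers SET Email = '" + email +
                     "' WHERE LastName = '" + lastName + "'";
        using var conn = new SqlConnection(connectionString);
        using var cmd = new SqlCommand(sql, conn);
        conn.Open();
        return cmd.ExecuteNonQuery();
    }

    // SAFE: the SQL text is fixed; @Email and @LastName are bound, typed
    // parameters, so the apostrophe in O'Connor is ordinary data and no
    // input can change the shape of the statement.
    public static int UpdateEmail(string connectionString, string lastName, string email)
    {
        const string sql = "UPDATE Customers SET Email = @Email WHERE LastName = @LastName";
        using var conn = new SqlConnection(connectionString);
        using var cmd = new SqlCommand(sql, conn);
        cmd.Parameters.Add("@Email", SqlDbType.NVarChar, 200).Value = email;
        cmd.Parameters.Add("@LastName", SqlDbType.NVarChar, 100).Value = lastName;
        conn.Open();
        return cmd.ExecuteNonQuery();   // rows updated; 1 for an existing O'Connor
    }

    // Parameterized login check: both values are compared as data, so user
    // input cannot alter the WHERE clause (the "bypass authentication" risk above).
    // Passwords are assumed to be stored as hashes and hashed before this call.
    public static bool CredentialsMatch(string connectionString, string userName, string passwordHash)
    {
        const string sql = "SELECT COUNT(*) FROM Users WHERE UserName = @UserName AND PasswordHash = @PasswordHash";
        using var conn = new SqlConnection(connectionString);
        using var cmd = new SqlCommand(sql, conn);
        cmd.Parameters.Add("@UserName", SqlDbType.NVarChar, 100).Value = userName;
        cmd.Parameters.Add("@PasswordHash", SqlDbType.NVarChar, 128).Value = passwordHash;
        conn.Open();
        return (int)cmd.ExecuteScalar() == 1;
    }
}
```

Giving each parameter an explicit `SqlDbType` and length (rather than `AddWithValue`) also keeps the plan cache stable and rejects oversized input at the driver.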