the database layer of an application
Example
SELECT * FROM users WHERE name = 'a';DROP TABLE users; SELECT * FROM userinfo WHERE 't' = 't';
If this code were to be used in an authentication procedure then this example could be used to force the selection of a valid username because the evaluation of 't'='t' is always true.
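The statement above is what an application produces when it pastes user input between the quotes of WHERE name = '...'. The following is an added example, not code from the original post or its reference: it uses Python's sqlite3 with an in-memory database to rebuild that statement from a constructed input, then runs the same input through a bound parameter. The table columns, the function names and the use of executescript() as a stand-in for a driver that accepts several statements per call are assumptions.

```python
import sqlite3

# Constructed input: placed between the quotes of  WHERE name = '<input>';
# it yields exactly the statement shown in the example above.
PAYLOAD = "a';DROP TABLE users; SELECT * FROM userinfo WHERE 't' = 't"

def make_db():
    """In-memory database with constructed sample rows (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE users(name TEXT);"
        "CREATE TABLE userinfo(name TEXT, email TEXT);"
        "INSERT INTO users VALUES ('alice');"
        "INSERT INTO userinfo VALUES ('alice', 'alice@example.test');"
    )
    return db

def build_query_unsafe(name):
    # Vulnerable pattern: input becomes part of the SQL text itself.
    return "SELECT * FROM users WHERE name = '" + name + "';"

def lookup_unsafe(db, name):
    # executescript() runs every statement in the string, standing in for
    # a driver that accepts stacked statements (assumption of this example).
    db.executescript(build_query_unsafe(name))

def lookup_safe(db, name):
    # Hardened form: the input is bound as data and never parsed as SQL.
    return db.execute("SELECT * FROM users WHERE name = ?", (name,)).fetchall()

def table_exists(db, table):
    row = db.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?",
        (table,),
    ).fetchone()
    return row is not None

def demo():
    db = make_db()
    safe_rows = lookup_safe(db, PAYLOAD)      # no user has this literal name
    after_safe = table_exists(db, "users")    # table untouched
    lookup_unsafe(db, PAYLOAD)                # stacked DROP TABLE executes
    after_unsafe = table_exists(db, "users")  # table is gone
    return safe_rows, after_safe, after_unsafe

if __name__ == "__main__":
    print(build_query_unsafe(PAYLOAD))
    print(demo())
```

With the bound parameter the whole input is compared as one literal name, so the query returns no rows and both tables remain.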
Reference: http://en.wikipedia.org/wiki/SQL_injection