Tuesday 4 December 2012

Sql Parameter & Injection


SQL Parameter :- To prevent SQL injection, we use SQL parameters.

SQL Injection :- Illegally fetching values from the database by making the query's condition true is called SQL injection.

Example SQL statement:- select * from [table name] where [column name]=[condition];

Condition with SQL injection:- select * from [table name] where [column name]= 1 or 1=1 ;

The condition in this statement will always be true.
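As an added example (not code from the original post), the Python script below runs the `1 or 1=1` condition shown above against an in-memory SQLite table, first with the input concatenated into the statement and then with the input bound as a parameter. The `users` table, its rows and the function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory table holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO users (id, name) VALUES (?, ?)",
        [(1, "alice"), (2, "bob"), (3, "carol")],
    )
    return conn


def find_concatenated(conn, user_id):
    """Vulnerable: the input becomes part of the SQL text and is parsed as SQL."""
    sql = "SELECT id, name FROM users WHERE id = " + user_id
    return conn.execute(sql).fetchall()


def find_parameterized(conn, user_id):
    """Safe: the SQL text is fixed and the input is bound as one value."""
    sql = "SELECT id, name FROM users WHERE id = ?"
    return conn.execute(sql, (user_id,)).fetchall()


def compare(user_input):
    """Return (rows from concatenated query, rows from parameterized query)."""
    conn = make_db()
    try:
        return (find_concatenated(conn, user_input),
                find_parameterized(conn, user_input))
    finally:
        conn.close()


if __name__ == "__main__":
    for value in ("1", "1 or 1=1"):
        concatenated, parameterized = compare(value)
        print(f"input {value!r}")
        print("  concatenated :", concatenated)
        print("  parameterized:", parameterized)
```

With the concatenated statement the injected condition matches every row; with the parameter the whole input is compared to `id` as a single value, so it matches nothing.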


See next for detailed code information...
