Tuesday, 4 December 2012

Sql Parameter & Injection

Sql Parameter & Injection

Sql Parameter :- To prevent Sql injection we use sql parameter.

Sql Injection :- fetching the values from database to make condition true illegally called sql injection.
                         example:- sql satement--- select * from [table name] where [column name]=[condition];
                   Condition with Sql Injection------select * from [table name] where [column name]= 1 or 1=1 ;

                                   The statement will always true..

     see next for detailed code information...

No comments:

Post a Comment