SQL Injection is a vulnerability in your web database app, a method of
hacking into it.

In a database driven website, you send parameters to the server. A hacker
can/will put SQL command strings into these parameters in an attempt to make
your code break down and impart some information that you did not want it to
make available.

It's not a good thing and you want to code your app to thwart it.

Most books on PHP, ASP etc devote at least a chapter to it.

Alec Wood


-----Original Message-----
From: J.Saraboji
[mailto:mssqldba-ezmlmshield-x20449746.[Email address protected]
Sent: 31 March 2008 06:46
To: LazyDBA Discussion
Subject: SQL injection

Hi All,



What is SQL Injection? How can I use this feature one of my web site
databases?



Any one helps on this topic and gives some article please.





Thanks & Regards,

JSaraboji,

MSSQL - DBA,

Direction Software Solutions,

Contact : +91 22 66615000. EXT 336

E-Mail : j.[Email address protected]





---------------------------------------------------------------------
TO REPLY TO EVERYBODY , PLEASE CLICK REPLY-ALL, NOT JUST REPLY
To post a dba job: http://jobs.lazydba.com
To subscribe : http://www.LazyDBA.com
To unsubscribe: http://www.lazydba.com/unsubscribe.html

No virus found in this incoming message.
Checked by AVG.
Version: 7.5.519 / Virus Database: 269.22.1/1350 - Release Date: 30/03/2008
12:32


No virus found in this outgoing message.
Checked by AVG.
Version: 7.5.519 / Virus Database: 269.22.1/1350 - Release Date: 30/03/2008
12:32



MS Sql Server LazyDBA home page