DBMS Interview Questions and Answers
Question: What is SQL injection?

Answer: It is a form of attack on a database-driven web site in which the attacker executes unauthorized SQL commands by taking advantage of insecure code on a system connected to the Internet, bypassing the firewall. SQL injection attacks are used to steal information from a database that would normally not be available and/or to gain access to an organization's host computers through the computer that is hosting the database. SQL injection attacks are typically easy to avoid by ensuring that a system has strong input validation.

As the name suggests, we inject SQL, which can be very dangerous for the database. Example: this is a simple SQL statement:

SELECT email, passwd, login_id, full_name FROM members WHERE email = 'x'

Now suppose somebody does not supply "x" as the input but instead supplies "x'; DROP TABLE members; --" (the quote closes the string literal and the trailing comment marker swallows the closing quote the application appends). The SQL that actually executes is:

SELECT email, passwd, login_id, full_name FROM members WHERE email = 'x'; DROP TABLE members; --'

Think what will happen to your database.
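The example below is added here and is not part of the original answer. It rebuilds the members table from the page in an in-memory SQLite database with constructed sample rows, contrasts the vulnerable string-concatenation pattern with a parameterized query, and checks whether the table survives each. The use of executescript() for the vulnerable path is an assumption: sqlite3's execute() refuses stacked statements, so executescript() stands in for database drivers that run several statements per call.

```python
import sqlite3

# Constructed sample data, not from the original page.
MEMBERS = [
    ("alice@example.com", "hash1", "alice", "Alice Example"),
    ("bob@example.com", "hash2", "bob", "Bob Example"),
]


def make_db() -> sqlite3.Connection:
    """Create an in-memory members table matching the query on this page."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE members (email TEXT, passwd TEXT, login_id TEXT, full_name TEXT)"
    )
    conn.executemany("INSERT INTO members VALUES (?, ?, ?, ?)", MEMBERS)
    conn.commit()
    return conn


def build_query_unsafe(email: str) -> str:
    """The vulnerable pattern: user input spliced directly into the SQL text."""
    return f"SELECT email, passwd, login_id, full_name FROM members WHERE email = '{email}'"


def lookup_unsafe(conn: sqlite3.Connection, email: str) -> None:
    """Run the concatenated text. executescript() mirrors drivers that execute
    stacked statements (assumption; sqlite3.execute() would reject them)."""
    conn.executescript(build_query_unsafe(email))


def lookup_safe(conn: sqlite3.Connection, email: str) -> list:
    """Parameterized query: the value travels separately from the SQL text,
    so quotes and semicolons inside it are data, never syntax."""
    cur = conn.execute(
        "SELECT email, passwd, login_id, full_name FROM members WHERE email = ?",
        (email,),
    )
    return cur.fetchall()


def table_exists(conn: sqlite3.Connection) -> bool:
    """Check whether the members table is still present."""
    row = conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' AND name = 'members'"
    ).fetchone()
    return row is not None
```

Input validation helps, but the parameterized query is what makes the injected text harmless regardless of what the validation missed.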