Discussion in 'SQL PL/SQL' started by ssankars, Nov 3, 2011.
I want to learn SQL Injection .Can anybody help me out for this.
Why do you want to learn such a destructive act?
Thanks for your reply...
I want to learn this act (SQL Injection) so that i can protect my codes from SQL Injection attack.
Sidharth my friend. "SQL injection" is highly dependent on how the application executes sql queries and it is dependent on how the application is written. It's not a standalone programming technique you can learn. In it's simplest form, it means writing a query in the frontend of an application where user input is expected. If the user input is not properly "sanitized" by the application before executing it in a query, the application can inadvertently end up executing the statement which was entered on the front end.
Almost all modern programming languages have functions to clean user input data which are called upon receiving the input. One particularly vulnerable area of any application is the search frontend as the search input is almost always passed to the database for querying of some sort.