I want to know about SQL injection.
So, please help me.
Lots of information about SQL Injection on wikipedia, and xkcd has a very good example as well.
In general, if your application is using a SQL database, a SQL Injection attack is an attempt to use your program to pass dangerous values to the SQL database.
The best preventative measures are to never construct SQL strings without cleaning them up - the best way to do this is to use parameterized queries and widely used data access libraries.
Start here: google "sql injection".
You will see that there is plenty to read about it.
If you want to protect yourself against sql injection, you have to be a bit more specific, as the exact methods differ depending on the database and on the platform using the database.
It is the technique to manipulate the input to control your sql. Read more here is better for you Attacks by Example
Couple of places to get started:
- OWASP: Lots of principals on secure web app design. Check the first entry of the Top 10 on injection
- Injection for .NET developers: Details on what it is and how to protect against it if you're working with .NET.
It allow a attacker to tamper with existing data, destroy the data or make it otherwise unavailable, and in short become administrators of the database server...
This attack involves injecting SQL commands in the query input thus effecting predefined SQL commands exection.
来源:https://stackoverflow.com/questions/2832938/what-is-sql-injection