"What is SQL Injection" Code Answers

SQL Injection

Imagine there is an input line on a website where you type the name of some dish
to find it. Then it will look something like this:
--------------------------------------------------------------------------------
Your regular input:
	"Salad" => InputString = "Salad"
query on server:
	select * from menu where dish_name = InputString
	or
	select * from menu where dish_name = 'Salad'
--------------------------------------------------------------------------------
Your injection try:
	"Salad'; drop table menu --" => InputString = "Salad'; drop table menu --"
query on server:
	select * from menu where dish_name = InputString
	or
	select * from menu where dish_name = 'Salad'; drop table menu --'
--------------------------------------------------------------------------------
What we are doing is using "Salad';" in the input to be able to create a new query
after that line, then adding the "drop table menu" query or something else if you
want, and in the end the "--" part to comment out the rest (in our case the apostrophe)
so we don't get a syntax exception. That's how we dropped the menu table.

To defend the server: filter symbols like - ; ) etc.  [sorry, I'm not too good in English]
Powerful Panda

What is SQL Injection

SQL injection attacks allow attackers to spoof identity and tamper with existing data,
cause repudiation issues such as voiding transactions or changing balances,
allow the complete disclosure of all data on the system, destroy the data or
make it otherwise unavailable.
Programmer of empires

SQL Injection

txtUserId = getRequestString("UserId");
// Vulnerable: the request value is concatenated straight into the SQL text,
// so anything the user types becomes part of the statement.
txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;
naly moslih
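As an added example that is not part of any answer on this page: the first answer's "Salad" query and the third answer's concatenation pattern, built both ways in Python with sqlite3 so the difference can be checked against a real database. The in-memory menu table, its rows and the function names are constructed for this demonstration; the safe version binds the input as a parameter instead of filtering characters out of it.

```python
import sqlite3

def make_db():
    # Constructed sample data, not from the original page: an in-memory menu table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE menu (id INTEGER PRIMARY KEY, dish_name TEXT)")
    conn.executemany("INSERT INTO menu (dish_name) VALUES (?)", [("Salad",), ("Soup",)])
    return conn

def table_exists(conn, name):
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (name,)
    ).fetchone()
    return row is not None

def build_vulnerable_sql(input_string):
    # String concatenation as in the answers above: the input is spliced into the
    # SQL text, so a quote, ';' or '--' inside it changes the statement itself.
    return "SELECT * FROM menu WHERE dish_name = '" + input_string + "'"

def find_dish_vulnerable(conn, input_string):
    # executescript runs every statement in the string, which is what a database
    # that accepts stacked queries does with the concatenated text.
    # Returns whether the menu table still exists afterwards.
    conn.executescript(build_vulnerable_sql(input_string))
    return table_exists(conn, "menu")

def find_dish_safe(conn, input_string):
    # Parameterised query: the driver sends the value separately from the SQL,
    # so the whole input (quote, semicolon and comment marker included) is
    # compared as one literal. Returns (matching dish names, table still exists).
    rows = conn.execute(
        "SELECT dish_name FROM menu WHERE dish_name = ?", (input_string,)
    ).fetchall()
    return [r[0] for r in rows], table_exists(conn, "menu")

if __name__ == "__main__":
    payload = "Salad'; drop table menu --"
    print(find_dish_safe(make_db(), payload))        # ([], True)
    print(find_dish_vulnerable(make_db(), payload))  # False
```

With the bound parameter the malicious string simply matches no dish, and the table survives; the concatenated version executes the second statement.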
