Skip to main content

Example of SQL Injection attack

SQL Injection means, Inject the database by the SQL Query, this query executed by the input control like TextBox, URL etc. Suppose we have a table department and we want to retrieve some data from the table by the TextBox. You want to retrieve all the rows, which is related to first department no. Now, you should to enter 1 in the TextBox, then you will get rows, which is related to putted number in the TextBox. If you want to put some number like:

1 or 1=1 then you will get all rows which is available in the table.
If this query is executed it means deletion is also possible with the table.Like
1;Drop table table_name

Source Code
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="my.aspx.cs" Inherits="my" %>
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title></title>
 </head>
<body>
<form id="form1" runat="server">

    Enter Department_No :
    <asp:TextBox ID="TextBox1" runat="server" Width="220px"></asp:TextBox>
    <br />
    <br />
    <asp:Button ID="Button1" runat="server" OnClick="Button1_Click" Text="Search Data" />
    <asp:GridView ID="GridView1" runat="server">
    </asp:GridView>

</form>
</body>
</html> 

Code Behind

using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.IO;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
public partial class my : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void Button1_Click(object sender, EventArgs e)
{
    SqlConnection con = new SqlConnection();
    con.ConnectionString =ConfigurationManager.ConnectionStrings["ConnectionString"].ToString();
    con.Open();

    SqlCommand cmd = new SqlCommand();
    cmd.CommandText = "select * from [Department] where dept_no=" + TextBox1.Text;
    cmd.Connection = con;
    DataSet ds = new DataSet();
    SqlDataAdapter da = new SqlDataAdapter(cmd);
    da.Fill(ds);
    GridView1.DataSource = ds;
    GridView1.DataBind();


}
}
Now code Generate the following output

Comments

Popular posts from this blog

difference between structure and union in C Language

In c language article we will see the difference between union and structure. Both are the user define datatype in c language. See the table which is mentioned below: ASP.NET Video Tutorial Series Structure Union1.The keywordstruct is used to define a structure 1. The keyword union is used to define a union. 2. When a variable is associated with a structure, the compiler allocates the memory for each member. The size of structure is greater than or equal to the sum ofsizes of its members. The smaller members may end with unused slack bytes. 2. When a variable is associated with a union, thecompiler allocates thememory by considering the size of the largest memory. So, size of union is equal to the size of largest member. 3. Each member within a structure is assigned unique storage area of location. 3. Memory allocated is shared by individual members of union. 4. The address of each member will be in ascending order This indicates that memory for each member will start at different offset v…

Difference between Linear search and Binary Search in c language

SQL Video Channel : Download all SQL Video



Binary Search Linear Search Works only on sorted items. such as  1,2,3,4,5,6  etc
Works on sorted as well as unsorted items. 12,4,5,3,2,1 etc Very efficient if the items are sorted Very efficient if the items are less and present in the beginning of the list. such as Suppose your list items are : 12,3,4,5,1 and you want to search 12 number then you get beginning in the list. Works well with arrays and not on linked lists. Works with arrays and linked lists.
Number of comparisons are less More number of comparisons are required if the items are present in the later part of the array or its elements are more.

Memory representation of Linked List Data Structures in C Language

Memory representation of Linked List

             In memory the linked list is stored in scattered cells (locations).The memory for each node is allocated dynamically means as and when required. So the Linked List can increase as per the user wish and the size is not fixed, it can vary.

               Suppose first node of linked list is allocated with an address 1008. Its graphical representation looks like the figure shown below:


      Suppose next node is allocated at an address 506, so the list becomes,



  Suppose next node is allocated with an address with an address 10,s the list become,


The other way to represent the linked list is as shown below:




 In the above representation the data stored in the linked list is “INDIA”, the information part of each node contains one character. The external pointer root points to first node’s address 1005. The link part of the node containing information I contains 1007, the address of next node. The last node …