Define SQL injection attack
- It occurs when user-supplied input containing SQL syntax is passed into a SQL string built by the application, so the input is interpreted as part of the query rather than as data.
- This SQL injection attack can be prevented by validating the format of all strings passed as user input.
Example: Assume the following query, where the text box value is concatenated directly into the SQL string (VB syntax) -
    sql = "Select * from Table_Name Where Firstname='" & TextBox1.Text & "'"
- Here, if the user enters x' OR 'x'='x in TextBox1, the query becomes Select * from Table_Name Where Firstname='x' OR 'x'='x', whose WHERE clause evaluates to true for every row, so all records in the table are returned instead of only those whose Firstname is x.
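The query above reproduced in Python against an in-memory SQLite table, as an added example that is not part of the original page: the concatenated form returns every row for the x' OR 'x'='x input, while the format check from the prevention note plus a parameterized query (an extra defense assumed here, not named by the page) returns nothing for it. The table contents are constructed for the demonstration.

```python
import re
import sqlite3

# Constructed sample data (not from the page); "xavier" starts with x to show
# that the injected input does not merely select names beginning with x.
ROWS = [("xavier",), ("alice",), ("bob",)]
PAYLOAD = "x' OR 'x'='x"  # the input from the page's example


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Table_Name (Firstname TEXT)")
    conn.executemany("INSERT INTO Table_Name VALUES (?)", ROWS)
    return conn


def vulnerable_lookup(conn, textbox1):
    # Mirrors the page's VB query: the input is spliced into the SQL text,
    # so quotes in the input change the structure of the statement.
    sql = "SELECT * FROM Table_Name WHERE Firstname='" + textbox1 + "'"
    return [row[0] for row in conn.execute(sql)]


def validate_firstname(textbox1):
    # Format validation as the page recommends: letters only, bounded length.
    # Rejects quotes, spaces and operators, so the payload never reaches SQL.
    return re.fullmatch(r"[A-Za-z]{1,50}", textbox1) is not None


def safe_lookup(conn, textbox1):
    # Parameterized query (assumed defense, beyond the page's validation note):
    # the driver sends the value separately, so it is compared as a literal.
    if not validate_firstname(textbox1):
        return []
    sql = "SELECT * FROM Table_Name WHERE Firstname=?"
    return [row[0] for row in conn.execute(sql, (textbox1,))]


def demo():
    conn = make_db()
    return {
        "vulnerable": vulnerable_lookup(conn, PAYLOAD),  # all three rows
        "safe": safe_lookup(conn, PAYLOAD),              # no rows
        "normal": safe_lookup(conn, "alice"),            # ["alice"]
    }


if __name__ == "__main__":
    print(demo())
```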