Results 1 to 4 of 4
  1. #1
    Join Date
    Mar 2009
    Posts
    47

    Question Unanswered: Query in SQL Injection

    Hi I have a Query in SQL Injection...Is SQL Injection possible in Insert or Update Query?I have googled I got the solutions which shows tht SQL Injection in select Query and tht too when user is loging in...
    So if u could help me with some examples...

  2. #2
    Join Date
    Feb 2004
    Location
    In front of the computer
    Posts
    15,579
    Provided Answers: 54
    Injection is possible in any SQL statement that uses character data where that data is not validated or encapsulated by the client application.

    I'm sure that some examples were provided in class. Ask your teacher for guidance.

    -PatP
    In theory, theory and practice are identical. In practice, theory and practice are unrelated.

  3. #3
    Join Date
    Dec 2007
    Location
    London, UK
    Posts
    741
    SQL Injection is possible anywhere you use dynamic SQL that isn't properly validated or parameterised. So if you have a dynamic INSERT or UPDATE statement then that's a potential injection vulnerability. Static SQL code is not vulnerable to SQL injection.

  4. #4
    Join Date
    Jun 2003
    Location
    Ohio
    Posts
    12,592
    Provided Answers: 1
    Same with a dynamic "SELECT", for that matter.
    If it's not practically useful, then it's practically useless.

    blindman
    www.chess.com: "sqlblindman"
    www.LobsterShot.blogspot.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •