- SQL Injection is a code injection technique.
- It is the placement of malicious code in SQL strings.
- SQL Injection is one of the most common web hacking techniques.
- These attacks only work against applications that build SQL statements from untrusted input (form fields, query strings, cookies) instead of passing that input as data.
First we create a table Customer in SQL Server:

create table Customer
(
    SrNo int identity(1,1),
    Name varchar(50),
    Gender varchar(50),
    Email_Id varchar(50) primary key,
    Password varchar(50),
    salary int
)
Then we insert a row into the table (the identity column SrNo is filled in automatically):

insert into Customer values('Deepak','Male','deepak@gmail.com','1234',456789)
After the insert we look the row up by Email_Id and Password, which is exactly what a login form does:

select * from Customer where Email_Id='deepak@gmail.com' and Password='1234'
Now suppose we have no knowledge of the data in the Customer table. We can still pull rows out of it with queries like the ones below, because the injected or '1'='1' makes the WHERE clause true for every row:

· select * from Customer where Email_Id='deepak@gmail.com' or 1=1

· SELECT * FROM Customer WHERE Email_Id='' or '1'='1' and Password='' or '1'='1'

In the second query AND binds tighter than OR, so the condition reads Email_Id='' or ('1'='1' and Password='') or '1'='1', and the trailing or '1'='1' matches every row whatever email and password were supplied. An attacker only needs to control part of the query text to rewrite the condition this way. This is why ADO.NET offers parameterized queries (SqlParameter): the values travel separately from the SQL text and are never parsed as SQL.
******************************************************************
Let us see what happens to the values we pass, with and without parameters, in an ASP.NET web application built in Visual Studio.
Markup of the login page (Default.aspx)
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" %>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title></title>
<style type="text/css">
.auto-style1 {
width: 100%;
}
.auto-style2 {
height: 26px;
}
</style>
</head>
<body style="height: 268px">
<form id="form1" runat="server">
<div>
<table class="auto-style1">
<tr>
<td> </td>
<td> </td>
</tr>
<tr>
<td>Email_id</td>
<td>
<asp:TextBox ID="txtEmail" runat="server"></asp:TextBox>
</td>
</tr>
<tr>
<td class="auto-style2">Password</td>
<td class="auto-style2">
<asp:TextBox ID="txtPassword" runat="server"></asp:TextBox>
</td>
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
<tr>
<td> </td>
<td>
<asp:Button ID="Button1" runat="server" OnClick="Button1_Click" Text="Button" />
<asp:Label ID="Label1" runat="server" Text="Label"></asp:Label>
</td>
</tr>
</table>
</div>
</form>
</body>
</html>
***********************************************************
Code-behind of the login page (Default.aspx.cs). The class is named _Default to match the Inherits attribute of the markup; the table name is Customer, as created above. The vulnerable concatenated query is the one that runs, and the parameterized version is shown commented out so the two can be swapped:

using System;
using System.Data.SqlClient;
using System.Drawing;
using System.Web.UI;

public partial class _Default : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
    }

    protected void Button1_Click(object sender, EventArgs e)
    {
        // using disposes the connection even when Response.Redirect ends the request early
        using (SqlConnection con = new SqlConnection(@"Data Source=LAPTOP-46CG83DS;Initial Catalog=testdb;Integrated Security=True"))
        {
            // Vulnerable version: the textbox values are concatenated straight into the
            // SQL text, so a quote typed by the user becomes part of the statement.
            SqlCommand cmd = new SqlCommand("select * from Customer where Email_Id='"
                + txtEmail.Text.Trim() + "' and Password='" + txtPassword.Text + "'", con);

            // Safe version: the same query with parameters. The values are sent
            // separately from the SQL text and are compared as data, never parsed as SQL.
            // SqlCommand cmd = new SqlCommand("select * from Customer where Email_Id=@Email_Id and Password=@Password", con);
            // cmd.Parameters.AddWithValue("@Email_Id", txtEmail.Text.Trim());
            // cmd.Parameters.AddWithValue("@Password", txtPassword.Text);

            con.Open();
            using (SqlDataReader dr = cmd.ExecuteReader())
            {
                if (dr.HasRows)
                {
                    dr.Read();
                    Session["email"] = dr["Email_Id"].ToString();
                    Response.Redirect("welcom.aspx");
                }
                else
                {
                    Label1.ForeColor = Color.Red;
                    Label1.Text = "user id and password not found";
                }
            }
        }
    }
}
Note:
With the concatenated query above the parameter concept is not followed, so SQL injection gets us to the welcome page without knowing any credentials: leave Email_id empty (or type anything) and put ' or '1'='1 in the Password box. The statement sent to SQL Server becomes
select * from Customer where Email_Id='' and Password='' or '1'='1'
which returns every row, dr.HasRows is true, and the first customer in the table is logged in.
With the parameterized query the same input does not work: the driver sends ' or '1'='1 as the literal value of @Password, it is compared against the Password column as data, no row matches, and the user must supply a real Email_id and the correct Password to reach the welcome page.
Parameters stop the injection, but this table still stores and compares passwords in plain text, which is a separate weakness that parameters do not fix.
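The injected queries listed earlier and the note above describe one mechanism: input concatenated into the WHERE clause rewrites the condition, while a bound parameter cannot. As an added example (not code from the original page), here is a Python stand-in for the page's C# code: the page's Customer table recreated in an in-memory SQLite database (a constructed substitute for SQL Server), the page's concatenated query and its parameterized query written as two login functions, and both run against the page's ' or '1'='1 payload plus one further payload the page does not show (a '-- comment in the email field). The helper names make_db, build_concatenated_query, login_vulnerable, login_parameterized and demo are this example's own; the SQL-level behaviour is the same in SQL Server.

```python
import sqlite3

# Constructed stand-in for the page's SQL Server "Customer" table: an
# in-memory SQLite database holding the one row the page inserts.
def make_db():
    con = sqlite3.connect(":memory:")
    con.row_factory = sqlite3.Row          # lets us read columns by name
    con.execute(
        "create table Customer ("
        " SrNo int, Name varchar(50), Gender varchar(50),"
        " Email_Id varchar(50) primary key, Password varchar(50), salary int)"
    )
    con.execute(
        "insert into Customer values (1, 'Deepak', 'Male',"
        " 'deepak@gmail.com', '1234', 456789)"
    )
    return con


def build_concatenated_query(email, password):
    # What the page's concatenated SqlCommand does: the raw form values are
    # glued into the SQL text, so a quote typed by the user closes the
    # string literal and everything after it is parsed as SQL.
    return ("select * from Customer where Email_Id='" + email.strip()
            + "' and Password='" + password + "'")


def login_vulnerable(con, email, password):
    """Equivalent of the page's unparameterized login; returns matched Email_Ids."""
    sql = build_concatenated_query(email, password)
    return [row["Email_Id"] for row in con.execute(sql)]


def login_parameterized(con, email, password):
    """Equivalent of the page's parameterized login (? instead of @Email_Id)."""
    # The driver sends the values separately from the SQL text, so they are
    # compared as data and never parsed as part of the statement.
    sql = "select * from Customer where Email_Id=? and Password=?"
    return [row["Email_Id"] for row in con.execute(sql, (email.strip(), password))]


PAYLOAD = "' or '1'='1"   # the password payload the page's note uses


def demo():
    con = make_db()
    r = {}
    # Correct credentials succeed through either path.
    r["good_vuln"] = login_vulnerable(con, "deepak@gmail.com", "1234")
    r["good_param"] = login_parameterized(con, "deepak@gmail.com", "1234")

    # Empty email plus the injected password. The concatenated text becomes
    #   ... where Email_Id='' and Password='' or '1'='1'
    # AND binds tighter than OR, so it reads
    #   (Email_Id='' and Password='') or '1'='1'
    # which is true for every row: login succeeds with no valid credentials.
    r["injected_sql"] = build_concatenated_query("", PAYLOAD)
    r["inject_vuln"] = login_vulnerable(con, "", PAYLOAD)

    # The same payload bound as a parameter is compared literally against
    # the Password column, matches nothing, and the login fails.
    r["inject_param"] = login_parameterized(con, "", PAYLOAD)

    # Beyond the page's payload: a known email followed by '-- in the email
    # field. "--" starts a line comment in SQL Server and SQLite, so the
    # whole "and Password=..." check is commented out of the vulnerable query.
    r["comment_vuln"] = login_vulnerable(con, "deepak@gmail.com'--", "wrong")
    r["comment_param"] = login_parameterized(con, "deepak@gmail.com'--", "wrong")
    return r


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running the script shows the vulnerable function returning deepak@gmail.com for both injected inputs while the parameterized function returns an empty list for them and only accepts the real credentials.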