Reply to thread

Message: <blockquote data-quote="OptiplexFx" data-source="post: 5943371" data-attributes="member: 208281">Menna eka gana podi wistharayak: <a href="http://en.wikipedia.org/wiki/SQL_injection" target="_blank">SQL Injection-Wikipedia</a> Basically SQL injection walin pulwan SQL statement ekaka parameters use karala statement eken adahas karala thiyana deyata wada wenath deyak karaganna. Oya Wikipedia article eke example ekak menna :Hithanna menna me wage statement ekak thiyanawa kiyala [CODE]SELECT * FROM users WHERE name = '" + userName + "';[/CODE]Api hithamu oya statement eka login page ekakata daala thiyanawa kiyala. Kauruhari valid user kenek valid user name ekak enter kaloth oya query eken not null result ekak return karanna one. Namuth userName kiyana eka wenuwata api [CODE]a' or 't'='t[/CODE]wage ekak enter kaloth statement eka menna me widihata wenas wenawa[CODE]SELECT * FROM users WHERE name = 'a' OR 't'='t';[/CODE]Oya statement eken hama welawema records rerun karanawa, mokada hama welawema t=t kiyana eka true wena nisa. Eeh kiyanne boru user kenekuta unath SQL oya SQL statement eka use karala records okkoma retrieve karaganna puluwan. Oya widihata horen samahara SQL statements exploit karana eka thamai SQL injection wala basic idea eka.</blockquote>

Top Bottom