SQL injection attack Options

codeling Posts: 1089 Points: 4569
Posted: Tuesday, July 10, 2018 2:31:47 PM
string query = "SELECT * FROM Student where LastName = '" + lastName + "'";

Try this when lastName =

Jones';DELETE FROM STUDENT;--

Even if your tables are read-only, an attacker can find out a lot of information.

 
Users browsing this topic
Guest