Question
The following line of code have the SQL injection vulnerability, where id is an input. String query = select name from students where id =
The following line of code have the SQL injection vulnerability, where id is an input.
String query = "select name from students where id = " + id + ";";
(a) Show an exploitation that always makes a true condition of the query.
(b) If id is of type integer, discuss two security methods to prevent the injection.
(c) If id is of type char, the query string will be the following. Show an exploitation that always makes a true condition of the query.
String query = "select name from students where id = '" + id + "';";
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started
Sql++ For Sql Users A Tutorial
Authors: Don Chamberlin
1st Edition
0692184503, 978-0692184509
