Friday, July 25, 2008

SQL Injections

SQL injection is a technique for breaking the security of an application's database.
It happens when a system takes user input and places it directly into a SQL
statement without properly escaping the characters that have meaning to SQL.


An attacker can not only steal your data but also delete or modify it.
Typically the attacker uses a single quote (') to close the string literal the input was placed in, a semicolon (;) to end the existing SQL statement and start a new one, and the SQL comment marker (--) to throw away whatever remains of the original query.

So user input must be properly escaped, or better, passed to the database as a bound parameter, before it is used in a query.

In Ruby on Rails the framework does this escaping for you, but only when you let it.
Conditions written with placeholders, such as :conditions => ["name = ?", params[:name]] (or where("name = ?", params[:name]) in later versions), and hash conditions such as :conditions => { :name => params[:name] } are quoted by ActiveRecord before they reach the database. Interpolating params straight into a SQL string, as in :conditions => "name = '#{params[:name]}'", bypasses that protection completely, so the programmer still has to choose the right form.
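The following is an added example, not code from the original post or from Rails itself. It reproduces in plain Ruby, with no database, what happens to the SQL text when user input is interpolated directly versus substituted through a "?" placeholder the way ActiveRecord's conditions array does it. The function names (build_sql_unsafe, quote_literal, build_sql_safe) and the attack strings are made up for this example.

```ruby
# Added example (not from the original post or from Rails).
# Shows the SQL text that reaches the database in both cases.

# Vulnerable: the raw input becomes part of the SQL grammar.
# Rails equivalent: :conditions => "name = '#{params[:name]}'"
def build_sql_unsafe(username)
  "SELECT * FROM users WHERE name = '#{username}'"
end

# Quote a Ruby value as a SQL literal: NULL for nil, bare digits for
# integers, and for everything else a single-quoted string in which every
# embedded single quote is doubled so it can no longer close the literal.
# This is the same idea as ActiveRecord's quoting layer (assumption: real
# adapters also handle backslashes and other dialect specifics).
def quote_literal(value)
  case value
  when nil     then "NULL"
  when Integer then value.to_s
  else "'" + value.to_s.gsub("'", "''") + "'"
  end
end

# Safe: the query template is fixed code, and each "?" is replaced by a
# quoted literal. Splitting on "?" first means a "?" inside a user value can
# never be mistaken for a placeholder.
# Rails equivalent: :conditions => ["name = ?", params[:name]]
def build_sql_safe(template, *values)
  parts = template.split("?", -1)
  unless parts.size - 1 == values.size
    raise ArgumentError, "expected #{parts.size - 1} values, got #{values.size}"
  end
  parts.each_with_index.map do |part, i|
    i < values.size ? part + quote_literal(values[i]) : part
  end.join
end

# Constructed attack inputs: one turns the WHERE clause into a tautology,
# the other ends the statement and appends a DROP, commenting out the rest.
TAUTOLOGY = "x' OR '1'='1"
DROP_TABLE = "x'; DROP TABLE users; --"

if __FILE__ == $0
  puts build_sql_unsafe(TAUTOLOGY)
  puts build_sql_unsafe(DROP_TABLE)
  puts build_sql_safe("SELECT * FROM users WHERE name = ?", TAUTOLOGY)
  puts build_sql_safe("SELECT * FROM users WHERE name = ?", DROP_TABLE)
  puts build_sql_safe("SELECT * FROM users WHERE id = ? AND name = ?", 7, "o'brien")
end
```

Running it prints the unsafe form with the attacker's quote closing the literal (WHERE name = 'x' OR '1'='1'), while the safe form keeps the whole input inside one string literal (WHERE name = 'x'' OR ''1''=''1'), which matches no user rather than every user. In real Rails code use the placeholder or hash forms and let the database adapter do the quoting; quote_literal above is only there to make the mechanism visible.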