int[] twos = { 2, 4, 6, 8, 10 };
int[] threes = { 3, 6, 9, 12, 15 };
// 6
var intersection = twos.Intersect(threes);
// 2, 4, 8, 10
var except = twos.Except(threes);
// 2, 4, 7, 8, 10, 3, 9, 12, 15
var union = twos.Union(threes);
Monday, March 21, 2011
Understand SQL Injection by code
If put the following string in the SSN text box
' ; DROP DATABASE pubs --
Using the input, the application executes the following stored procedure, which internally executes a similar SQL statement.
SqlDataAdapter myCommand = new SqlDataAdapter(
"LoginStoredProcedure '" +
SSN.Text + "'", myConnection);
The code INJECT into the user's malicious input and generates the following query.
SELECT au_lname, au_fname FROM authors WHERE au_id = ''; DROP DATABASE pubs --'
Reference:
How To: Protect From SQL Injection in ASP.NET
Subscribe to:
Posts (Atom)