TECHNOLOGIES
FORUMS
JOBS
BOOKS
EVENTS
INTERVIEWS
Live
MORE
LEARN
Training
CAREER
MEMBERS
VIDEOS
NEWS
BLOGS
Sign Up
Login
No unread comment.
View All Comments
No unread message.
View All Messages
No unread notification.
View All Notifications
Answers
Post
An Article
A Blog
A News
A Video
An EBook
An Interview Question
Ask Question
Forums
Monthly Leaders
Forum guidelines
Sachin Singh
10
55.8k
75k
is there a way to check query after parameters are applied?
Dec 28 2020 2:07 PM
Consider below query , i am passing (-- double dash in username to bypass password)
SqlCommand cmd=
new
SqlCommand(
"Select * from users where username=@UserName and Password=@password"
,con );
Now, i am passing username as Sachin'-- and with password field empty.
According to me , the query now becomes
Select
*
from
users
where
username=
'Sachin'
--' and Password=''
As you can see, it seems like i am successfully able to bypaas Password , i just wanted to know how the query is constructed when parameters are used , cause obviously it prevents SQL injection.
Please take the same example and clearify.
Reply
Answers (
4
)
problem in loading ul and li in javascript dynamically from DB..
Make A Web API in .net