Types of SQL injections

 
Greenhorn
Posts: 3
How many types of SQL injections are there?
 
Saloon Keeper
Posts: 15491
363
  • Likes 1
I'm not sure what you mean by "type of SQL injection". How do you distinguish between two different types?
 
Bartender
Posts: 1205
22
  • Likes 2
Does this help?  https://en.wikipedia.org/wiki/SQL_injection
 
Sheriff
Posts: 67746
173
  • Likes 2
Obligatory xkcd:

 
Ranch Hand
Posts: 460
6
Super explication.
 
Bartender
Posts: 598
26
  • Likes 1
There is only one type of injection, that is, using a value for something other than a value. There is (basically) only one way to protect against this, and that is to always use bind variables for passed values.

There are some variants that might be considered another "type" of injection, but they all boil down to the same thing anyway. Just don't use dynamic SQL.
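
The bind-variable advice in the post above, shown as an added example that is not part of the original thread. It uses Python's `sqlite3` with a constructed in-memory table; the table, column and function names are assumptions, and the allow-list for a sort column goes beyond the post to cover the one place a bind variable cannot be used.

```python
import sqlite3

# Constructed sample data; table and column names are assumptions for this example.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return db

def find_concatenated(db, name):
    # Dynamic SQL: the value is spliced into the statement text, so the
    # database parses whatever the caller supplied as part of the query.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]

def find_bound(db, name):
    # Bind variable: the statement text is fixed and the value travels
    # separately, so it can only ever be compared as a value.
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in db.execute(sql, (name,))]

ALLOWED_SORT = {"name", "role"}

def list_sorted(db, column):
    # Identifiers cannot be bound, so an unavoidable dynamic part is
    # checked against a fixed allow-list before it reaches the statement.
    if column not in ALLOWED_SORT:
        raise ValueError("unsupported sort column")
    sql = f"SELECT name FROM users ORDER BY {column}, name"
    return [row[0] for row in db.execute(sql)]

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input that is more than a value
    print("concatenated:", find_concatenated(db, crafted))  # matches every row
    print("bound:       ", find_bound(db, crafted))         # matches nothing
    print("bound, bob:  ", find_bound(db, "bob"))
    print("sorted:      ", list_sorted(db, "role"))
```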
 
Bartender
Posts: 1152
20
I'm guessing you're asking about parameter substitution when using dynamic SQL which is run within a cursor? I think it would depend upon the database product that you are using?

Informix had a nice feature allowing you to bind form variables to SQL cursors; Construct By Name - Informix 4GL

In Sybase and Powerbuilder I recall there were four main types of dynamic cursors; Dynamic SQL - I'm guessing that this still applies to SQL Server since Mirco$wipe "based" their product on Sybase AS.

I recall some horrific outsourced code I had the misfortune of modifying, a lot of nasty code that defined a type 4 SQLDA dynamic cursor. Using SQLDA you are allowed to define a cursor in which the input parameters and types and the result set and types are not defined until the query runs. Just because you can, does not mean you should however.
 
Greenhorn
Posts: 7
The impact of SQL injection attacks may vary from congregation of sensitive data to manipulating database information, and from executing system-level commands to denial of service of the application.

Types of SQL Injection:

1. In-band SQLi (Classic SQLi)
2. Error-based SQLi
3. Union-based SQLi
4. Inferential SQLi (Blind SQLi)
5. Boolean-based (content-based) Blind SQLi
6. Time-based Blind SQLi
7. Out-of-band SQLi

For more information click:
https://en.wikipedia.org/wiki/SQL_injection
 