Tutorial by Examples

Assuming the call to your web application's login handler looks like this:

    https://somepage.com/ajax/login.ashx?username=admin&password=123

Now in login.ashx, you read these values:

    strUserName = getHttpsRequestParameterString("username");
    strPassword = getHttpsRequestParameterSt...
If the SQL statement is constructed like this:

    SQL = "SELECT * FROM Users WHERE username = '" + user + "' AND password ='" + pw + "'";
    db.execute(SQL);

then a hacker could retrieve your data by giving a password like pw' or '1'='1; the resulting SQL statement will ...
