Question and Answer

Connor McDonald

Thanks for the question, Balakrishna.

Asked: July 19, 2016 - 4:15 pm UTC

Last updated: July 19, 2016 - 4:29 pm UTC

Version: 12c

Viewed 1000+ times

You Asked

Hi Tom,
1) What is SQL injection, and how to solve SQL injection problems with an example program, Tom?

and Chris said...

SQL injection happens when people insert unwanted SQL into the code sent to the database. This can enable them to read private data or even worse things, such as drop your tables...

Preventing it is easy: Use bind variables!

For further reading, see:

https://blogs.oracle.com/sql/entry/what_is_sql_injection_and

Or if you want to see an interactive demo, check out:

http://www.codebashing.com/sql_demo


Comments

DDLs

Rajeshwaran, Jeyabal, July 20, 2016 - 2:49 am UTC

With DMLs, binding would help. In the case of DDLs that cannot be bound, the DBMS_ASSERT API would help.
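
As an added example (not code from the thread or from the linked Oracle article), the PL/SQL below runs one query built by concatenation and again with a bind variable, then creates a table whose name is checked with DBMS_ASSERT.SIMPLE_SQL_NAME. The table app_users, the helper create_log_table and all sample values are assumptions constructed for illustration; it is meant for SQL*Plus or SQLcl in a scratch schema.

```sql
-- Constructed sample data; app_users and its columns are assumptions.
CREATE TABLE app_users (username VARCHAR2(30), secret VARCHAR2(30));
INSERT INTO app_users VALUES ('alice', 'alice-secret');
INSERT INTO app_users VALUES ('bob', 'bob-secret');
COMMIT;

SET SERVEROUTPUT ON
DECLARE
  l_input    VARCHAR2(100) := 'nobody'' OR ''1''=''1';  -- constructed hostile input
  l_count    PLS_INTEGER;
  e_bad_name EXCEPTION;
  PRAGMA EXCEPTION_INIT(e_bad_name, -44003);  -- ORA-44003: invalid SQL name

  -- Hypothetical helper: a table name cannot be a bind variable, so it is
  -- validated with DBMS_ASSERT before being concatenated into the DDL.
  PROCEDURE create_log_table (p_name IN VARCHAR2) IS
  BEGIN
    EXECUTE IMMEDIATE 'CREATE TABLE '
      || DBMS_ASSERT.SIMPLE_SQL_NAME(p_name) || ' (logged_at DATE)';
  END;
BEGIN
  -- Vulnerable form: the input becomes part of the statement text, so its
  -- quote characters rewrite the WHERE clause and the filter is bypassed.
  EXECUTE IMMEDIATE
    'SELECT COUNT(*) FROM app_users WHERE username = ''' || l_input || ''''
    INTO l_count;
  DBMS_OUTPUT.PUT_LINE('concatenated: ' || l_count || ' row(s) matched');

  -- Bind variable form: the statement text is fixed and the input is only
  -- ever compared as a value against the username column.
  EXECUTE IMMEDIATE
    'SELECT COUNT(*) FROM app_users WHERE username = :name'
    INTO l_count USING l_input;
  DBMS_OUTPUT.PUT_LINE('bound: ' || l_count || ' row(s) matched');

  -- DDL: a valid simple name is accepted, anything else raises ORA-44003
  -- before the CREATE TABLE text is ever executed.
  create_log_table('audit_2016');
  BEGIN
    create_log_table('bad name) --');  -- constructed invalid identifier
  EXCEPTION
    WHEN e_bad_name THEN
      DBMS_OUTPUT.PUT_LINE('DDL rejected: ' || SQLERRM);
  END;
END;
/
```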