SQL Injection

SQL injection is a technique where hacker can inject SQL commands into an SQL statement, via web page.Injected SQL commands can compromise the security of a website.

SQL Injection Based on 0=0 is Always True

Let's say that the original purpose of the code was to create an SQL statement to select a user with a given Emp_id.

Emp_id: 112 or 0=0

SELECT * FROM Emp_Details WHERE Emp_id = 112 or 0=0

The SQL above is valid. It will return all rows from the table, as WHERE 0=0 is always true.

 

SQL Injection Based on ""="" is Always True

Here is a public construction, used to verify user login on a web page:

User Name:

Password:

The Final Statement will be

UserName = request.form("UserName");
Pass = request.form ("UserPass");

sql=" SELECT * FROM Emp_Details WHERE UserName ='" + UserName + "' AND PassWord ='" + Pass + "'"

Hackers might get access to user names and passwords in a database by simply inserting “or ""=" into the user name or password text box.

The code at the server will create a valid SQL statement like this:

SELECT * FROM Emp_Details WHERE UserName ="" or ""="" AND PassWord ="" or ""=""

The result SQL is valid. It will return all rows from the table Users,since  WHERE ""="" is always true.

SQL Injection Based on Batched SQL Statements 

Most databases support batched SQL statement, separated by semicolon.

e.g.

SELECT * FROM Emp_Details ; DROP TABLE EmpLoginDetails

The SQL above will return all rows in the Emp_Details table, and then delete EmpLoginDetails table.

If we had the following server code:

UserName = request.form("UserId");
txtSQL = " SELECT * FROM Emp_Details WHERE UserName = " + UserName;

And the following input:

User Name: 105; DROP TABLE EmpLoginDetails

The code at the server would create a valid SQL statement like this:

SELECT * FROM Emp_Details WHERE UserName = 105; DROP TABLE EmpLoginDetails

Parameters for Protection

The only way to protect a web page from SQL injection, is to use SQL parameters. SQL parameters are values that are added to an SQL query at execution time, in a controlled manner. The SQL engine checks each parameter to ensure that it is correct for its column and are treated literally, and not as part of the SQL to be executed.

UserName = request.form("UserId");
sql = " SELECT * FROM Emp_Details WHERE  UserName = @a";
command = new SqlCommand(sql);
command.Parameters.AddWithValue("@a", UserName);
command.ExecuteReader();

Backup/Copy a table in SQL using query

Backup/Copy a table in SQL using query

Copy all columns into the new table:

SELECT * INTO NewTableName FROM OldtableName;

e.g.

SELECT * INTO Emp_DetailsBkup FROM Emp_Details;

Copy selected columns to new table

SELECT Col1, Col2, Col3… INTO Emp_DetailsBkup FROM Emp_Details;

e.g.

SELECT Emp_Name, Emp_Id, Address… INTO Emp_DetailsBkup FROM Emp_Details;

Copy selected columns to new table with Where clause

SELECT * INTO NewTableName FROM OldtableName where clause;

e.g.

SELECT * INTO Emp_DetailsBkup FROM Emp_Details where id >10;

SQL Server data types

SQL data type is an attribute that specifies type of data of any object. Each column, variable and expression has related data type in SQL.

SQL Server categories of data types

Numeric Data Types

• bigint: stores only date values with a range of -9,223,372,036,854,775,808 TO                                            9,223,372,036,854,775,807
• int: stores only date values with a range of -2,147,483,648 TO 2,147,483,647
• smallint: stores only date values with a range of  -32,768 TO 32,767
• tinyint: stores only date values with a range of  0 TO 255
• bit: stores only date values with a range of 0 TO 1
• decimal: stores only date values with a range of -10^38 +1 TO 10^38 -1
• numeric: stores only date values with a range of -10^38 +1 TO 10^38 -1
• money: stores only date values with a range of -922,337,203,685,477.5808 TO                    +922,337,203,685,477.5807
• smallmoney: stores only date values with a range of -214,748.3648 TO +214,748.3647
• float: stores only date values with a range of -1.79E + 308 TO 1.79E + 308
• real : stores only date values with a range of -3.40E + 38 TO 3.40E + 38

 

Date & Time Data Types

• Datetime:          FROM Jan 1, 1753 TO Dec 31, 9999
• Smalldatetime:  FROM Jan 1, 1900 TO Jun 6, 2079
• Date:  Stores a date like June 30, 1991
• Time:  Stores a time of day like 12:30 P.M.

 

Character Strings Data Types

• char: Maximum length of 8,000 characters.( Fixed length non-Unicode characters)
• varchar: Maximum of 8,000 characters.(Variable-length non-Unicode data).
• varchar(max): Maximum length of 231characters, Variable-length non-Unicode data (SQL Server 2005 only).
• text: Variable-length non-Unicode data with a maximum length of 2,147,483,647 characters.

 

Unicode Character Strings Data Types

• nchar: Maximum length of 4,000 characters.( Fixed length Unicode)
• nvarchar: Maximum length of 4,000 characters.(Variable length Unicode)
• nvarchar(max): Maximum length of 231characters (SQL Server 2005 only).( Variable length Unicode)
• ntext: Maximum length of 1,073,741,823 characters. (Variable length Unicode)

 

Binary Data Types

• binary: Maximum length of 8,000 bytes(Fixed-length binary data )
• varbinary: Maximum length of 8,000 bytes.(Variable length binary data)
• varbinary(max): Maximum length of 231 bytes (SQL Server 2005 only). ( Variable length Binary data)
• image: Maximum length of 2,147,483,647 bytes. ( Variable length Binary Data)

 

Misc Data Types

• sql_variant: Stores values of various SQL Server-supported data types, except text, ntext, and timestamp.
• timestamp: Stores a database-wide unique number that gets updated every time a row gets updated
• uniqueidentifier: Stores a globally unique identifier (GUID)
• xml: Stores XML data. You can store xml instances in a column or a variable (SQL Server 2005 only).
• cursor: Reference to a cursor object
• table: Stores a result set for later processing

Types of SQL Server Functions

Types of Function

1.            System Defined Function

These functions are defined by Sql Server for different purpose. We have two types of system defined function in Sql Server

Scalar Function

Scalar functions operates on a single value and returns a single value. Below is the list of some useful Sql Server Scalar functions.

      System Scalar Function

• abs(-9.37) : returns absolute number of the given number means 9.37.
• rand(15): will generate random number of 15 characters.
• round(1.567): will round off the given number to 2 places of decimal means 1.57
• upper('sqlserver'): will returns upper case of given string means ‘SQLSERVER’
• lower(SQLSERVER’): will returns lower case of given string means 'sqlserver'
• ltrim(' sqlserver'): will remove the spaces from left hand side of 'sqlserver' string.
• convert(int, 72.66): will convert the given float value to integer means 72.

Aggregate Function

Aggregate functions operates on a collection of values and returns a single value. Below is the list of some useful Sql Server Aggregate functions.

     System Aggregate Function

• max(): returns maximum value from a collection of values.
• min(): returns minimum value from a collection of values.
• avg(): returns average of all values in a collection.
• count(): returns no of counts from a collection of values.

User Defined Function

Please check the article posted on dated “Monday, 14 December 2015”

http://mysqlfacts.blogspot.in/2015/12/User-Defined-Functions-IN-SQL.html

Difference between Stored Procedures and User Defined Functions

Stored Procedures:

1   Stored Procedure may or not return values.

2.    Can have select statements as well as DML statements such as insert, update, delete and so on

3.    It can have both input and output parameters.

4.    For exception handling we can use try catch blocks

5.    Can use transactions within Stored Procedures

6.    Can use both table variables as well as temporary table in it

7.    Stored Procedures can call functions

8.    Procedures can't be called from Select/Where/Having and so on statements. Execute/Exec statement can be used to call/execute Stored Procedure

9.    Procedures can't be used in Join clause

User Defined Functions

1.    Function must return a value.

2.    Will allow only Select statements, it will not allow us to use DML statements.

3.    It will allow only input parameters, doesn't support output parameters.

4.    It will not allow us to use try-catch blocks

5.    Transactions are not allowed within functions

6.    We can use only table variables, it will not allow using temporary tables

7.    Stored Procedures can't be called from a function

8.    Functions can be called from a select statement

9.    A UDF can be used in join clause as a result set.