
Sql injecting

Hi everyone,
I'm a web programmer, but I never understood SQL injection.
All I found was that you can write "a' or 'a'='a" in the password
field to try to connect without knowing the password.
I heard that there are many other ways to do sql injecting, and I
never found how.
I know that you can even manage to get data from sql tables using sql
injecting.
How can it be? How can someone do it?
Please help,
Ofir.
Nov 16 '07
steve wrote:
In t-sql this should be perfectly clear:
DECLARE @X INT
SET @X=5

The variable @X can only take one value at any specific time.
In a relational system a procedure that returns some value at runtime
must behave exactly like @X.
In general, this is false. For instance, you can't do

SET @MyProcedure = (@X, @Y)

However, you seem to merely be advocating that a procedure should
return exactly one value (which may be a table). Upgrading all the
existing procedures that violate this would be a major task, but
allowing it as an option for new procedures would be reasonable
(if it could be done reasonably efficiently).
Add to this the idea of type where each result is a different type
In other words, TABLE (X INT, Y INT) is a different variable type
from TABLE (M VARCHAR(15), N VARCHAR(15))?
This sql sp:
CREATE PROCEDURE SqlTwo
@A INT OUTPUT,
@B INT OUTPUT
AS
SET @A=5
SET @B=10

DECLARE @C INT,@D INT
EXEC SqlTwo @C OUTPUT,@D OUTPUT
SELECT @C
SELECT @D

makes no sense relationally because, again, there are multiple
results. Now there are two scalar types (int) returned instead of sql
'resultsets'. Relationally there is no such thing as more than 1 thing
(think a variable of a type) at a time. Two scalar results are
realized as a 'row' type relationally, ie. 'one' thing.
create operator D4Two():row(A:Integer,B:Integer)
begin
result:=row(5 A,10 B);
end;

In this case at runtime D4Two is a variable of type row with 2 scalar
columns.
What if the data you want to return is not multiple scalars, but
rather multiple tables? Upon reflection, I suppose tables could
be nested in this model, i.e. you can return
TABLE(T1 TABLE(X INT, Y INT), T2 TABLE(M VARCHAR(15), N VARCHAR(15)))

This would allow bad developers to commit the common 'a,b,c' 1NF
violation in a whole new way, but then bad developers can screw
things up in any language.
From the relational perspective a table/row/list is a variable that
behaves exactly like a variable in a programming language. Its value
can be assigned to other values just like a t-sql integer variable
can.
It can be compared to other variables (for equality) just like a t-sql
integer variable. It can be passed as an argument to a procedure just
like a t-sql integer variable. For these reasons why MS decided to
call
something a 'table variable' remains a mystery.
But you agree that (1) it has some features of variables, and (2) it
could reasonably be extended to have more features of variables?
Sql distinguishes between user defined functions and procedures. But
sql user defined functions are on the same exact level of procedures
when looked at from the point of view of 'variables'. Neither one
has anything to do with the idea of a relational variable. All this
artificial distinction does is serve to make it harder for users to
understand the relational model :) (Why sql choose to create a user
define function/procedure dichotomy is another topic. But think of
'where' and 'having').
I'd guess these are both for efficiency. They enforce some useful
clarity, too (I also prefer FROM X JOIN Y ON X.Z = Y.Z over
FROM X, Y WHERE X.Z = Y.Z because table joins are a distinct
concept that's worth keeping separate.)
Rather than center on particular syntax or pseudo-syntax, I think it is
the ideas that the relational model is based on that are important.
And what we're talking about here is just a slice of the relational
model. The relational model is not rocket science:) It's actually
quite straightforward. Ironically it's sql that is out in left field.
The relational model is in line with all current programming
languages.
Unfortunately that's never been the case with sql:) This is one of the
reasons I find LINQ so unnecessary. Once you get the idea that a big
part of the relational model is all about the basic concepts of
variables and types I think (I at least hope) that what I've been
trying to explain will make perfect sense:)
A lot of people find SQL pretty straightforward, especially in this
newsgroup. Your choice of (pseudo-)syntax will make a difference to
them. (You might get different responses from a newsgroup focusing
on front-end programming languages, especially if they already
resemble Pascal as D4 seems to do.)
Nov 22 '07 #11
On Nov 22, 1:34 am, Ed Murphy <emurph...@socal.rr.com> wrote:
I feel like I'm watching a Greek person and an Italian person
discussing the virtues of speaking French :-/
Nov 22 '07 #12
On Nov 22, 4:56 am, jhofm...@google mail.com wrote:
I feel like I'm watching a Greek person and an Italian person
discussing the virtues of speaking French :-/
If you're a beginner and don't understand something, ask questions. If
you're an expert, don't hide your knowledge, share it. I'll give you the
benefit of my doubt and won't assume which you are :)

Assumptions are the mother of all f__kups:
'Under Siege, Dark Territory'

www.beyondsql.blogspot.com
Nov 23 '07 #13
On Nov 23, 12:41 am, steve <rog11...@aol.com> wrote:
I don't claim to be an expert in either Greek or Italian .. but when
I'm in Greece I try to speak Greek, and when in Italy - Italian :)

Maybe I am just too used to it, but personally I think that SQL is
excellent at performing the task it was designed to perform. The fact
that it is not the "same" as other programming languages might have
something to do with the nature of the tasks I write it to perform. I
guess when I learn new languages I try to get the most out of them as
they are, at the end of the day there is a reason why I learned the
language and usually it involves earning a pay cheque.

Maybe I am too young (or too busy) to have had many late nights
pondering how much better my life would be if some giant corporation
would ask its developers to communicate more :)
Nov 23 '07 #14
steve wrote:
Exactly. Think of sql strings. This table, TABLE(TABLE (M VARCHAR(15),
N VARCHAR(15)),
is a different type than TABLE (N VARCHAR(16), N VARCHAR(16))! This
means that we couldn't compare the two and undermines real relational
division. To declare how many characters in a string is clearly the
opposite of what the relational idea of data independence is all
about. Relationally there can only be a 'string' type having
absolutely nothing to do with its storage characteristics. And this
is the same idea in any programming language. This is just one
manifestation of how SQL's design ignores the concept of a strong type.
Shouldn't you be complaining that such variables are /too/ strongly
typed? Anyway, this is a separate complaint from your previous ones
(at least those that I've seen), and IMO a minor one.
>This would allow bad developers to commit the common 'a,b,c' 1NF
violation in a whole new way, but then bad developers can screw
things up in any language.

The view that strings like 'a,b,c' violate the idea of the atomicity
of a column in an sql table is a direct result of sql's lack of types
and lack of relationships between types. There is no violation of any
kind in a relational system because the string can be stored as
a single value of a column retaining the concept that there are individual
elements involved. It would simply be stored as a 'list' type.
Beyond your simple examples (which I snipped for brevity), a slightly
more interesting usage would be

select x, y -- y's type is e.g. TABLE (Z VARCHAR(15))
from the_table
where 'a' in y

or perhaps this would be better, since y might have multiple columns:

select x, y
from the_table
where 'a' in (select z from y)

This would probably have pros and cons in practice.
I don't think MS could lock its developer army in a hotel and tell
them to make sql a little more relational:) They have two choices.
Either buy a relational system (like D4) or start from the ground up to
develop one. The gulf between a relational system and sql is too great
to try to simply make changes in sql server. Whichever major vendor
does either will 'own' application development :)
Why? The syntax extensions seem straightforward, provided that it can
be implemented reasonably efficiently.
Nov 24 '07 #15
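As an added example, not code from either poster: the variable-like features of T-SQL table variables that both posts #11 and #15 argue over (a declared type, copying, passing as a procedure argument, comparing for equality) can already be exercised with a user-defined table type. The names dbo.PointList and dbo.SameSet and the sample rows are assumptions made for this example.

```sql
-- Added example, not from the thread. Assumed names: dbo.PointList, dbo.SameSet.
-- A user-defined table type gives a table value a declared type, so
-- TABLE(X INT, Y INT) is a different type from TABLE(M VARCHAR(15), N VARCHAR(15)).
CREATE TYPE dbo.PointList AS TABLE
(
    X INT NOT NULL,
    Y INT NOT NULL,
    PRIMARY KEY (X, Y)
);
GO

-- Passed as an argument: table-valued parameters must be declared READONLY.
CREATE PROCEDURE dbo.SameSet
    @A dbo.PointList READONLY,
    @B dbo.PointList READONLY
AS
BEGIN
    SET NOCOUNT ON;
    -- Set equality: no row of @A is missing from @B and no row of @B is missing from @A.
    -- EXCEPT compares whole rows, so the check is independent of insertion order.
    SELECT CASE
        WHEN NOT EXISTS (SELECT X, Y FROM @A EXCEPT SELECT X, Y FROM @B)
         AND NOT EXISTS (SELECT X, Y FROM @B EXCEPT SELECT X, Y FROM @A)
        THEN 1 ELSE 0 END AS IsEqual;
END
GO

-- Three variables of the same declared type.
DECLARE @P dbo.PointList, @Q dbo.PointList, @R dbo.PointList;

INSERT INTO @P (X, Y) VALUES (1, 2), (3, 4);        -- constructed sample rows
INSERT INTO @Q (X, Y) SELECT X, Y FROM @P;          -- "assignment" by copying the value
INSERT INTO @R (X, Y) VALUES (3, 4), (1, 2), (5, 6); -- same rows as @P plus one extra

EXEC dbo.SameSet @P, @Q;   -- @Q is a copy of @P
EXEC dbo.SameSet @P, @R;   -- @R carries an extra row
```

A table variable still cannot be assigned with SET or compared with `=`; the copy and the equality test above have to be written as INSERT ... SELECT and EXCEPT, which is the gap the thread is discussing.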