Question

3. Testing for SQL Injection (OTG-INPVAL-005) SQL Injection remains a problem in applications yet could easily fixed. The following SQL statement is in an HTML form as code with the $ variables directly input from the user. SELECT * FROM Students WHERE EMPLID='$EMPLID' AND EMAIL='$email' Would a form or application that includes this code be susceptible to SQL Injection? Why? What specific tests would you perform to determine if the applications was vulnerable? How would you fix this problem? Be specific be providing the exact code in a Language of your choice. (e.g. Java, PHP, Python ...)

          3. Testing for SQL Injection (OTG-INPVAL-005)
SQL Injection remains a problem in applications yet could easily fixed. The following SQL
statement is in an HTML form as code with the $ variables directly input from the user.
SELECT * FROM Students WHERE EMPLID='$EMPLID' AND EMAIL='$email'
Would a form or application that includes this code be susceptible to SQL Injection? Why?
What specific tests would you perform to determine if the applications was vulnerable?
How would you fix this problem? Be specific be providing the exact code in a Language of your choice.
(e.g. Java, PHP, Python ...)

Show more…

3. Testing for SQL Injection (OTG-INPVAL-005)
SQL Injection remains a problem in applications yet could easily fixed. The following SQL
statement is in an HTML form as code with the variables directly input from the user.
SELECT * FROM Students WHERE EMPLID='EMPLID' AND EMAIL='email'
Would a form or application that includes this code be susceptible to SQL Injection? Why?
What specific tests would you perform to determine if the applications was vulnerable?
How would you fix this problem? Be specific be providing the exact code in a Language of your choice.
(e.g. Java, PHP, Python ...)

Added by Alejandra B.

Elementary and Intermediate Algebra

Alan S. Tussy, R. David Gustafson 5th Edition

Instant Answer

Solved by Expert Manuel Vasquez

Step 1

Would a form or application that includes this code be susceptible to SQL Injection? Why? Yes, the form or application that includes this code would be susceptible to SQL Injection. The reason is that the code directly inputs user-supplied variables ($ variables) Show more…

Show all steps

lock

Thanks for your feedback!

3. Testing for SQL Injection (OTG-INPVAL-005) SQL Injection remains a problem in applications, yet it could easily be fixed. The following SQL statement is in an HTML form as code with the $ variables directly input from the user. SELECT * FROM Students WHERE EMFLID = 'SEMPLID' AND EMAIL = 'Semail' Would a form or application that includes this code be susceptible to SQL Injection? Why? What specific tests would you perform to determine if the application was vulnerable? How would you fix this problem? Be specific by providing the exact code in a language of your choice. (e.g. Java, PHP, Python)

Play audio

Feedback

Powered by NumerAI

Manuel Vasquez and 54 other subject Algebra educators are ready to help you.

Ask a new question

Labs

Want to see this concept in action?

NEW

Explore this concept interactively to see how it behaves as you change inputs.

View Labs

Key Concepts

Recommended Videos

Recommended Textbooks

Ace is your personal tutor. It breaks down any question with clear steps so you can learn.

Start Using Ace

Continue solving this problem

Create a free account to:

View full step-by-step solution
Ask follow-up questions with Ace AI
Save progress and study later