SELECT FIRSTNAME FROM table1
WHERE FIRSTNAME
COLLATE SQL_Latin1_General_CP1_CI_AS like '% KIRAN%'
This will show all records where First name have Kiran, KIRAN, kiran...
if Suppose You Sql Database is Case Sensetive.. then only....
I have check in Ms Sql....
Thank you...
Friday, June 12, 2009
Thursday, April 23, 2009
Sql injection
SQL Injection happens when a developer accepts user input that is directly placed ( with out change )
into a SQL Statement and doesn't properly filter out dangerous characters.
This can allow an attacker to not only steal data from your database,
but also modify and delete it. Certain SQL Servers such as Microsoft SQL Server contain
Stored and Extended Procedures (database server functions).
If an attacker can obtain access to these Procedures
it may be possible to compromise the entire machine. Attackers commonly
insert single qoutes into a URL's query string, or into a forms input field to test
for SQL Injection. If an attacker receives an error message like the one below
there is a good chance that the application is vulnerable to SQL Injection.
Ex. admin';delete from USer_Details where User_Id=4--
into a SQL Statement and doesn't properly filter out dangerous characters.
This can allow an attacker to not only steal data from your database,
but also modify and delete it. Certain SQL Servers such as Microsoft SQL Server contain
Stored and Extended Procedures (database server functions).
If an attacker can obtain access to these Procedures
it may be possible to compromise the entire machine. Attackers commonly
insert single qoutes into a URL's query string, or into a forms input field to test
for SQL Injection. If an attacker receives an error message like the one below
there is a good chance that the application is vulnerable to SQL Injection.
Ex. admin';delete from USer_Details where User_Id=4--
Wednesday, April 15, 2009
difference between stored prcedure and inline qery
sp: stored procedure execute at server side.. database server execute it..
inline : execute in application code..so it has overhead on application (may little slow ur application)
sp: it is pre- compile type command once we execute server creates a execution program for sp,
so when next time thay sp call it gives faster reply....
inline : there is no mechanism in inline so it does not have such feature.
inline : execute in application code..so it has overhead on application (may little slow ur application)
sp: it is pre- compile type command once we execute server creates a execution program for sp,
so when next time thay sp call it gives faster reply....
inline : there is no mechanism in inline so it does not have such feature.
welcome to my new blog of SQL
hello friends..here i will pulish some fundamentals about sql..i hope it will helpfull to u....
thank you....
thank you....
Subscribe to:
Posts (Atom)