Programming Question

Question: Consider the following line of code, taken from the login routine of a web-based application:

    result = sql.executeQuery("SELECT uid FROM Users WHERE user = '" + username + "' AND pass = '" + pword + "';");

username and pword are strings returned from a form on the application's login page. Based on this code, what security problems do you see with this application? What techniques would you use to fix them?

From: Programming Interviews Exposed

Subject: Knowledge Based
