Note: In case if your problem statement is updated, please donot hesitate us and send it to us at [email protected] We would surely like to help you in this regard.
Note: In class we are using SQL Server 2000 Service Pack 4, Northwind Database, .NET 4
And the SQLInjection.zip folder that I have attached.
I just need some screen shots and a query string to complete this part.
1. Open the SQL Injection web page browsing to this web page:
Localhost/SQLInjection/SQLInjection.aspx
2. Enter the following value for the Customer Id and retrieve the information:
ALFKI
Observe the results. Print out the results and attach to lab report. Try to infer how this query might have been constructed by the program given the user input ALFKI.
The SQL query command was:
SELECT Orders.CustomerID, Orders.OrderID, COUNT (UnitPrice) AS Items,
SUM(UnitPrice*Quantity) AS Total FROM Orders
INNER JOIN [Order Details]
ON Orders.OrderID = [Order Details].OrderID
WHERE Orders.CustomerID = ‘ALFKI’
GROUP BY Orders.OrderID, Orders.CustomerID
Test it out by using the SQL Query Analyzer.
3. Now, to get you started, here is a sample SQL Injection data that will retrieve the information about all customers from the database. Enter the following in the Customer ID field and hit the submit button:
ALFKI’ or ‘1’=’1
Print out the query results and attach to the lab report. What is the query string for this query? Test it out by using the SQL Query Analyzer.
* If you have any issues with the payment method, please let us know at [email protected] and that can be discussed and considered.
* Your paypal has to be pre-loaded in order to complete the purchase or otherwise please discuss it with us at [email protected].
* As soon as the payment is received through PayPal, download link of the solution will automatically be sent to the address used in Paypal.
* Please check your junk mails as the download link email might go there.
* All the contents are compressed in one zip folder.
* In case if you get stuck at any point during the payment process, please immediately contact us at [email protected] and we will fix it with you.
* We try our best to reach back to you on immediate basis. However, please expect to get a response within 8 hours from our side.
* Comments/Feedbacks are truely welcomed and there might be some incentives for you for the next lab/quiz/assignment.
* In case of any query, please donot hesitate to contact us at [email protected].
******************************************** Good Luck ***************************************************
Any personal information received will only be used to fill your order. We will not sell or redistribute your information to anyone.
We will try our best to resolve the issue and if still persists we can discuss for a refund in case its required.
Note: In case if your problem statement is updated, please donot hesitate us and send it to us at [email protected] We would surely like to help you in this regard.