Defination : SQL injection is a type of security exploit in which the attacker adds Structured Query Language (SQL) code to a Web form input box to gain access to resources or make changes to data. An SQL query is a request for some action to be performed on a database. Typically, on a Web form for user authentication, when a user enters their name and password into the text boxes provided for them, those values are inserted into a SELECT query. If the values entered are found as expected, the user is allowed access; if they aren’t found, access is denied. However, most Web forms have no mechanisms in place to block input other than names and passwords. Unless such precautions are taken, an attacker can use the input boxes to send their own request to the database, which could allow them to download the entire database or interact with it in other illicit ways.

The risk of SQL injection exploits is on the rise because of automated tools. In the past, the danger was somewhat limited because an exploit had to be carried out manually: an attacker had to actually type their SQL statement into a text box. However, automated SQL injection programs are now available, and as a result, both the likelihood and the potential damage of an exploit has increased enormously. In an interview with Security Wire Perspectives, Caleb Sima, CTO of SPI Dynamics spoke of the potential danger: “This technology being publicly released by some black hat will give script-kiddies the ability to pick up a freeware tool, point it at a Web site and automatically download a database without any knowledge whatsoever. I think that makes things a lot more critical and severe. The automation of SQL injection gives rise to the possibility of a SQL injection worm, which is very possible. In fact, I am surprised this hasn’t occurred yet.” Sima estimates that about 60% of Web applications that use dynamic content are vulnerable to SQL injection.

According to security experts, the reason that SQL injection and many other exploits, such as cross-site scripting, are possible is that security is not sufficiently emphasized in development. To protect the integrity of Web sites and applications, experts recommend simple precautions during development such as controlling the types and numbers of characters accepted by input boxes.

Source : whatis.com

first create function :

function sql_failure_handler($error)

{

 return “Database Error”;

}

call it like :

$result=mysql_query($sql) or die(sql_failure_handler(mysql_error()));

1. There is less chance to wrong in HTML tag style when we follow W3C standard.

2. Less use of javascript

3. Title in hyperlinks, helps to increase more words for robot.

4. In W3C standard we must need to define tag name in image so crawller can read it and can get position in Image search

 

After lunching web 2.0 it is very easy to check email, access social networking sites and see video in youtube. I am also taking its advantage by using in my websites. Thanks for them who participate for this.

When I m developing web application for mobile devices I face lots of problem. Then I Imaging If there is Mobile Web 2.0 …..  This morning I read one article about Mobile Web 2.0, According to a new report by Juniper Research titled “Mobile Web 2.0: Leveraging ‘Location, IM, Social Web & Search’ 2008-2013,” the global market for Mobile Web 2.0 (social networking and user generated content) will be worth $22.4bn in 2013, up from $5.5bn currently.

If Mobile Web 2.0 really can happen it will replace Computer to access web and