SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. SQL Injection attacks are typically the result of misplaced trust in the data inputs to a system. In this video, Todd Miranda demonstrates a simple SQL Injection attack and how to prevent it.

Presented by Todd Miranda on December 18, 2007
Length: 22 minutes 51 seconds