SQL Injection (Database Hacked)

Root Folder > SQL Server
If your database ( SQL or Access ) got hacked but your files are not changed, that is most probably because of SQL injection. You should verify all browser inputs and URLs before running them. The link provided here is a guideline of what you can do to prevent that.
This is considered the lack of security in web application and it is not related to server.
http://msdn.microsoft.com/msdnmag/issues/04/09/SQLInjection/default.aspx

Add Feedback