Sweeney
msweeney@sammamishsoftware.com
[Diagram labels: GUI or Web Front End; SQL Harness/Test Bed]
T-SQL:
declare @e_expected char(3),
@e_exists char(3) ;
set @e_expected = 'YES';
set @e_exists = 'NO ';
Copyright Sammamish Software
Services 2003. All rights reserved. 24
Declare
/* variable declarations */
Begin
/* code */
End;
if @@error = 2627
select 'Test failure: Duplicate PK not handled by Proc'
Begin
/* code */
Exception
when NO_DATA_FOUND then
/* code */
End;
Stored Procedure tests
Create Procedure Tst_InputCommercial2
As
/* your test code goes here! */
[Diagram labels: Customers table; Orders table; TrgOrdUpd; TrgOrdLog; TrgCustLog; Customer log table; Orders log table]
Password:
Turns this query:
Select username from user where username = 'someuser' and pass = 'somepass'
Into this query:
Select username from user where username = '' or 1 = 1; drop table user; -- and pass = ''
Demo 5:
Develop at least two test cases to test for a SQL Injection attack
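One way to write the two test cases Demo 5 asks for, as an added example that is not from the original slides. It assumes Python's sqlite3 as a stand-in database; login_concat, login_param and run_tests are hypothetical names, and the table contents are constructed.

```python
import sqlite3

# Inputs for the username field. STACKED is the slide's input verbatim;
# TAUTOLOGY is the same input without the second statement.
TAUTOLOGY = "' or 1 = 1 --"
STACKED = "' or 1 = 1; drop table user; --"

def make_db():
    """Constructed fixture: an in-memory copy of the slide's user table."""
    db = sqlite3.connect(":memory:")
    db.execute("create table user (username text primary key, pass text)")
    db.execute("insert into user values ('someuser', 'somepass')")
    return db

def login_concat(db, username, password):
    """'Before' version: input is pasted into the SQL text (injectable)."""
    sql = ("select username from user where username = '%s' and pass = '%s'"
           % (username, password))
    return db.execute(sql).fetchall()

def login_param(db, username, password):
    """Hardened version: input is bound as data, never parsed as SQL."""
    sql = "select username from user where username = ? and pass = ?"
    return db.execute(sql, (username, password)).fetchall()

def run_tests(login):
    """Run a control and both injection test cases; return name -> PASS/FAIL."""
    results = {}
    db = make_db()
    ok = login(db, "someuser", "somepass") == [("someuser",)]
    results["valid login"] = "PASS" if ok else "FAIL"
    for name, payload in (("tautology", TAUTOLOGY), ("stacked", STACKED)):
        db = make_db()  # fresh table per case so the tests stay independent
        try:
            rows = login(db, payload, "")
        except (sqlite3.Error, sqlite3.Warning):
            rows = []  # statement rejected: nobody was logged in
        try:
            count = db.execute("select count(*) from user").fetchone()[0]
        except sqlite3.Error:
            count = -1  # table is gone
        # Expected: no row returned and the single fixture row still present.
        results[name] = "PASS" if rows == [] and count == 1 else "FAIL"
    return results

if __name__ == "__main__":
    for fn in (login_concat, login_param):
        print(fn.__name__, run_tests(fn))
```

sqlite3's execute() accepts only one statement per call, so the stacked case cannot drop the table here even through login_concat; on a driver that allows statement batches, the row-count check in the same test is what catches it.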