Homework Help is Here – Start Your Trial Now!
Engineering
Computer Science
Assume a University website has a procedure named DISPLAY_GPA(), see the procedure code below. When a student runs the procedure with his or her ID number, the procedure will display the student's name and his or her GPA. set serveroutput on; CREATE OR REPLACE PROCEDURE DISPLAY_ GPA ( P_ Stdid STUDENT.Stdid%Type) AS Stmt CONSTANT VARCHAR2(3000);= 'SELECT stdfn, stdin, StdGPA from Student Where StdiD ='’’ || P_Stdid || “”;   Fname varchar2(30); Lname varchar2(30); GPA number(4);   BEGIN DBMS Output.Put_Line (SQL Stmt:’|| Stmt); EXECUTE IMMEDIATE stmt into fname, Lname, GPA; DBMS OUTPUT.PUT_LINE(fname || ‘’|| Lname || ‘’| | GPA); End DISPLAY GPA/ Show error;     Example of legitimate use: End DISPLAY_GPA (104);   Output SQL Stmt: SELECT stdfn, stdin, StdGPA from Student Where StdiD = ‘104’ Sue Williams 3 PL/SQL procedure successfully completed.   Assume you know someone whose last name is Roberson. Use SQL Injection technique to gain unauthorized access to at least two student's GPAs.   EXEC DISPLAY (); EXEC DISPLAY_GPA ();

Assume a University website has a procedure named DISPLAY_GPA(), see the procedure code below. When a student runs the procedure with his or her ID number, the procedure will display the student's name and his or her GPA. set serveroutput on; CREATE OR REPLACE PROCEDURE DISPLAY_ GPA ( P_ Stdid STUDENT.Stdid%Type) AS Stmt CONSTANT VARCHAR2(3000);= 'SELECT stdfn, stdin, StdGPA from Student Where StdiD ='’’ || P_Stdid || “”;   Fname varchar2(30); Lname varchar2(30); GPA number(4);   BEGIN DBMS Output.Put_Line (SQL Stmt:’|| Stmt); EXECUTE IMMEDIATE stmt into fname, Lname, GPA; DBMS OUTPUT.PUT_LINE(fname || ‘’|| Lname || ‘’| | GPA); End DISPLAY GPA/ Show error;     Example of legitimate use: End DISPLAY_GPA (104);   Output SQL Stmt: SELECT stdfn, stdin, StdGPA from Student Where StdiD = ‘104’ Sue Williams 3 PL/SQL procedure successfully completed.   Assume you know someone whose last name is Roberson. Use SQL Injection technique to gain unauthorized access to at least two student's GPAs.   EXEC DISPLAY (); EXEC DISPLAY_GPA ();

Database System Concepts
Database System Concepts
7th Edition
ISBN:9780078022159
Author:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Publisher:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Chapter1: Introduction
Section: Chapter Questions
Problem 1PE
See similar textbooks
icon
Related questions
Question

Assume a University website has a procedure named DISPLAY_GPA(), see the procedure code below. When a student runs the procedure with his or her ID number, the procedure will display the student's name and his or her GPA.

set serveroutput on;

CREATE OR REPLACE PROCEDURE DISPLAY_ GPA ( P_ Stdid STUDENT.Stdid%Type) AS

Stmt CONSTANT VARCHAR2(3000);= 'SELECT stdfn, stdin, StdGPA from Student Where StdiD ='’’ || P_Stdid || “”;

 

Fname varchar2(30);

Lname varchar2(30);

GPA number(4);

 

BEGIN

DBMS Output.Put_Line (SQL Stmt:’|| Stmt);

EXECUTE IMMEDIATE stmt into fname, Lname, GPA;

DBMS OUTPUT.PUT_LINE(fname || ‘’|| Lname || ‘’| | GPA);

End DISPLAY GPA/

Show error;

 

 

Example of legitimate use:

End DISPLAY_GPA (104);

 

Output

SQL Stmt: SELECT stdfn, stdin, StdGPA from Student Where StdiD = ‘104’

Sue Williams 3

PL/SQL procedure successfully completed.

 

Assume you know someone whose last name is Roberson. Use SQL Injection technique to gain unauthorized access to at least two student's GPAs.

 

  1. EXEC DISPLAY ();
  2. EXEC DISPLAY_GPA ();
Expert Solution
trending now

Trending now

This is a popular solution!

steps

Step by step

Solved in 2 steps

SEE SOLUTIONCheck out a sample Q&A here
Blurred answer
Knowledge Booster
Data Binding
Learn more about
Need a deep-dive on the concept behind this application? Look no further. Learn more about this topic, computer-science and related others by exploring similar questions and additional content below.
Similar questions
Recommended textbooks for you
Database System Concepts
Database System Concepts
Computer Science
ISBN:
9780078022159
Author:
Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Publisher:
McGraw-Hill Education
Starting Out with Python (4th Edition)
Starting Out with Python (4th Edition)
Computer Science
ISBN:
9780134444321
Author:
Tony Gaddis
Publisher:
PEARSON
Digital Fundamentals (11th Edition)
Digital Fundamentals (11th Edition)
Computer Science
ISBN:
9780132737968
Author:
Thomas L. Floyd
Publisher:
PEARSON
C How to Program (8th Edition)
C How to Program (8th Edition)
Computer Science
ISBN:
9780133976892
Author:
Paul J. Deitel, Harvey Deitel
Publisher:
PEARSON
Database Systems: Design, Implementation, & Manag…
Database Systems: Design, Implementation, & Manag…
Computer Science
ISBN:
9781337627900
Author:
Carlos Coronel, Steven Morris
Publisher:
Cengage Learning
Programmable Logic Controllers
Programmable Logic Controllers
Computer Science
ISBN:
9780073373843
Author:
Frank D. Petruzella
Publisher:
McGraw-Hill Education
SEE MORE TEXTBOOKS