Programming with Microsoft Visual Basic 2017
8th Edition
ISBN: 9781337102124
Author: Diane Zak
Publisher: Diane Zak
Chapter 6: Sub And Function Procedures
Section: Chapter Questions
Problem 11E
Question

Assume a University website has a procedure named DISPLAY_GPA() (see the procedure code below). When a student runs the procedure with his or her ID number, the procedure will display the student's name and his or her GPA.

set serveroutput on;

CREATE OR REPLACE PROCEDURE DISPLAY_GPA (P_Stdid STUDENT.Stdid%Type) AS
  -- The query text is built by concatenating the caller's argument between quotes.
  Stmt CONSTANT VARCHAR2(3000) := 'SELECT stdfn, stdin, StdGPA from Student Where StdiD = ''' || P_Stdid || '''';
  Fname varchar2(30);
  Lname varchar2(30);
  GPA number(4);
BEGIN
  -- Print the statement that is about to run.
  DBMS_OUTPUT.PUT_LINE('SQL Stmt: ' || Stmt);
  -- Run the concatenated string as dynamic SQL and fetch a single row.
  EXECUTE IMMEDIATE Stmt into Fname, Lname, GPA;
  DBMS_OUTPUT.PUT_LINE(Fname || ' ' || Lname || ' ' || GPA);
END DISPLAY_GPA;
/
Show error;

 

 

Example of legitimate use:

EXEC DISPLAY_GPA (104);

 

Output

SQL Stmt: SELECT stdfn, stdin, StdGPA from Student Where StdiD = '104'

Sue Williams 3

PL/SQL procedure successfully completed.

 

Assume you know someone whose last name is Roberson. Use SQL Injection technique to gain unauthorized access to at least two students' GPAs.

 

  1. EXEC DISPLAY ();
  2. EXEC DISPLAY_GPA ();
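
For comparison with the procedure in the question, here is a hardened form that passes the ID as a bind variable instead of concatenating it into the statement. This is an added example, not code from the original page; the procedure name DISPLAY_GPA_SAFE and the two error messages are assumptions, while the table and column names are copied from the question as written.

```sql
-- Added example (not the page's code): DISPLAY_GPA rewritten with a bind variable.
-- DISPLAY_GPA_SAFE is a hypothetical name; table and columns are as given in the question.
SET SERVEROUTPUT ON;

CREATE OR REPLACE PROCEDURE DISPLAY_GPA_SAFE (P_Stdid STUDENT.Stdid%TYPE) AS
  -- The statement text is a fixed literal. :id is a placeholder, so no caller
  -- input ever becomes part of the SQL text that the database parses.
  Stmt  CONSTANT VARCHAR2(3000) :=
    'SELECT stdfn, stdin, StdGPA FROM Student WHERE StdiD = :id';
  Fname VARCHAR2(30);
  Lname VARCHAR2(30);
  GPA   NUMBER(4);
BEGIN
  -- USING supplies P_Stdid as a value after parsing. Quotes or SQL keywords
  -- inside the argument are compared as data and cannot alter the WHERE clause.
  EXECUTE IMMEDIATE Stmt INTO Fname, Lname, GPA USING P_Stdid;
  DBMS_OUTPUT.PUT_LINE(Fname || ' ' || Lname || ' ' || GPA);
EXCEPTION
  WHEN NO_DATA_FOUND THEN
    -- An ID that matches nothing yields a generic message, not an Oracle error.
    DBMS_OUTPUT.PUT_LINE('No student found for that ID.');
  WHEN TOO_MANY_ROWS THEN
    -- Fail closed: a lookup that matches several rows prints none of them.
    DBMS_OUTPUT.PUT_LINE('Lookup rejected: ID is not unique.');
END DISPLAY_GPA_SAFE;
/
SHOW ERRORS;

-- Legitimate use, same call shape as in the question:
EXEC DISPLAY_GPA_SAFE (104);
```

Because this query has a fixed shape, a static SELECT ... INTO with P_Stdid in the WHERE clause binds the value the same way and removes EXECUTE IMMEDIATE entirely.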