In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-09-22 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Database >
Share
Shulou(Shulou.com)05/31 Report--
Editor to share with you how to do preventive measures of SQL injection, I believe that most people do not know much about it, so share this article for your reference, I hope you can learn a lot after reading this article, let's go to know it!
1. What is sql injection (Sql injection)?
Sql injection is an attack that adds sql code to the input parameters and passes it to the Sql server for parsing and execution.
two。 How did it come about?
Web developers cannot guarantee that all input has been filtered
Attackers use input data sent to the Sql server to construct executable Sql code
The database has not been configured for security.
3. How to find sql vulnerabilities?
Identify all input points in the web application
Know what types of requests trigger exceptions? (special characters "or')
Detect anomalies in the server response
4. How to conduct SQL injection attacks?
Digital injection:
Select * from tablename where id=1 or 1
String injection:
Annotation properties of Mysql:
The ones after the # and-- signs are commented out and can be queried correctly no matter what the password is entered. Please click here to enter a picture description
5. How to prevent sql injection?
Strictly check the input format: is_numeric (var), validate verification of tp5. String injection is regular to see whether it is between [A-Za-z].
Escape: addslashes (str),
Escape by mysqli_escape_string () function
Pre-compilation Mechanism of 6.MySQLi
Parametric binding
Parametric binding, another barrier to prevent SQL injection. Both php MySQLi and PDO provide this feature. For example, MySQLi can query like this:
PDO is more convenient, such as:
The above is all the contents of the article "how to take precautions by SQL injection". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
The market share of Chrome browser on the desktop has exceeded 70%, and users are complaining about
The world's first 2nm mobile chip: Samsung Exynos 2600 is ready for mass production.According to a r
A US federal judge has ruled that Google can keep its Chrome browser, but it will be prohibited from
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
About us Contact us Product review car news thenatureplanet
More Form oMedia: AutoTimes. Bestcoffee. SL News. Jarebook. Coffee Hunters. Sundaily. Modezone. NNB. Coffee. Game News. FrontStreet. GGAMEN
© 2024 shulou.com SLNews company. All rights reserved.
12
Report
