Today I looked up SQL injection on Baidu Encyclopedia, which covers it very well. I can't understand that much of it myself, so I'll write down here as much as I can understand:
1: Validate user input (regular expressions, length limits, escaping of sensitive characters)
2: Do not assemble SQL dynamically; use parameterized SQL or stored procedures for data access
3: Never use a database connection with administrator privileges; give each application its own database connection with limited privileges
4: Do not store confidential information in plain text; encrypt or hash passwords and other sensitive information
5: Wrap the original database error message in a custom error message
6: To detect SQL injection, use auxiliary software or an online scanning platform
7: Verify the username and password on the front end first
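Items 1, 2, 4 and 5 in one place, as an added example that is not part of the original post: a username whitelist, the dynamically assembled lookup beside its parameterized form, salted PBKDF2 password hashing, and a login routine that returns only a generic message. The `users` table, the `alice` account and its password are constructed sample data; an in-memory SQLite database stands in for a real server (SQLite has no per-application accounts, so item 3 is not shown).

```python
import hashlib
import hmac
import os
import re
import sqlite3
from typing import Optional, Tuple

# Item 1: whitelist pattern with a length limit (3 to 32 word characters).
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,32}$")


def validate_username(username: str) -> bool:
    return bool(USERNAME_RE.fullmatch(username))


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Item 4: store a salted PBKDF2-HMAC-SHA256 hash, never the plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


def setup_db() -> sqlite3.Connection:
    """Constructed sample data: one user, 'alice', in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    salt, digest = hash_password("correct horse battery staple")
    conn.execute("INSERT INTO users VALUES (?, ?, ?)", ("alice", salt, digest))
    conn.commit()
    return conn


def find_user_unsafe(conn: sqlite3.Connection, username: str):
    """The 'before' form of item 2: SQL text is assembled from user input,
    so the input can change the structure of the query. Shown for contrast only."""
    query = "SELECT name, salt, pw_hash FROM users WHERE name = '" + username + "'"
    return conn.execute(query).fetchone()


def find_user_safe(conn: sqlite3.Connection, username: str):
    """Item 2: parameterized query. The driver passes the value separately,
    so whatever the input contains is only ever compared as data."""
    return conn.execute(
        "SELECT name, salt, pw_hash FROM users WHERE name = ?", (username,)
    ).fetchone()


def login(conn: sqlite3.Connection, username: str, password: str) -> Tuple[bool, str]:
    """Items 1, 2, 4 and 5 combined: validate, parameterize, compare hashes
    in constant time, and hand the caller only a generic message."""
    generic = "invalid username or password"
    if not validate_username(username):
        return False, generic
    try:
        row = find_user_safe(conn, username)
    except sqlite3.Error:
        # Item 5: the real error belongs in the server log, not in the response.
        return False, "login temporarily unavailable"
    if row is None:
        return False, generic
    _, salt, stored = row
    _, candidate = hash_password(password, salt)
    if hmac.compare_digest(candidate, stored):
        return True, "ok"
    return False, generic


if __name__ == "__main__":
    db = setup_db()
    probe = "nobody' OR '1'='1"  # constructed input: not a real account name
    print("unsafe lookup returns:", find_user_unsafe(db, probe))  # alice's row
    print("safe lookup returns:  ", find_user_safe(db, probe))    # None
    print(login(db, "alice", "correct horse battery staple"))     # (True, 'ok')
    print(login(db, "alice", "wrong"))                            # (False, ...)
```

Running the `__main__` block shows the point of item 2 directly: the same input makes the concatenated query return a row for a name that does not exist, while the parameterized query treats it as a literal string and finds nothing. The `login` function never reaches the database with that input at all, because the item 1 whitelist rejects it first.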