SQL injection, and prevention

Others 2022-05-28 14:28:30 views: 0

Injection principle:

        1, normal sql:

        select * from example where name = 'wnj'

        

        2. Inject the query, replace wnj with wnj' or '1=1

        The generated statement is select * from example where name = 'wnj' or '1=1'

        

        3. Inject delete, replace wnj with wnj'; delete from example where '1'='1

        The generated statement is select * from example where name = 'wnj'; delete from example where '1'='1

        It will execute one more delete statement and kneel.

 

 

Prevention:

Guess you like

Origin http://10.200.1.11:23101/article/api/json?id=327081496&siteId=291194637
Recommended
Ranking
[Nodejs] Native nodejs routing, getting parameters, static directory
Introduction and use of the datetime module in python - used to process date and time, calculate time intervals, etc.
Java bytecode decompiler in IntelliJIDEA for Scala
Resolved local variable 'str' referenced before assignment
Transformer Vision (2) || ViT-B/16 network structure
Translation: The most impressive YouTube channel that allows you to learn AI, machine learning and data science
gRPC- interceptor simple to use
Fortunately, three times faster investment has been lost how to do? There Baoying tutor you fly 69,937,609
Using Django to create a new project in the Windows10 environment gives an error [django-admin.py: The "django-admin.py" item cannot be recognized as the name of a cmdlet, function, script file, or executable program. 】
What should I do if I need to prepare the product standard
Daily
More
2024-06-05(0)
2024-06-04(0)
2024-06-03(1)
2024-06-02(0)
2024-06-01(1)
2024-05-31(1)
2024-05-30(0)
2024-05-29(1)
2024-05-28(1)
2024-05-27(1)

Code World

© 2018 codetd.com