Java written test summary

Summarize the problems encountered in today’s written test

1. String type variable + int type variable?
I thought it would compile and report an error, but after testing, I found that it was string concatenation.
Analysis:
In Java, when a string and a number are joined directly with the '+' operator, the number is treated as a string. This is Java's automatic boxing mechanism, and the result is ultimately equivalent to string concatenation.

2. What are the communication methods between processes?
Analysis: Inter-process communication methods include pipes, message queues, semaphores, shared memory, and sockets. (I’m not familiar with this part, so I’ll mark it first)

3. What is SQL injection and how to prevent it?
I probably know that the server is deceived through specially spliced SQL and performs unsafe operations. But the expression is not clear enough.
Analysis: SQL injection means inserting SQL commands into a web form submission, or into the domain name or query string of a page request, and ultimately tricking the server into executing malicious SQL commands.
Prevention:

  • Do not assemble SQL dynamically; use parameterized SQL.
  • Don't trust user input. Validate it, using regular expressions or length limits, and convert single quotes.
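The two prevention points above, as an added example that is not part of the original post. It uses Python's built-in sqlite3 so it runs stand-alone; in Java the same pattern is a `PreparedStatement` with `?` placeholders. The table, rows, function names and the name policy in `valid_name` are constructed for illustration.

```python
import re
import sqlite3

# Hypothetical allow-list policy: letters, digits, underscore, apostrophe, max 32 chars.
NAME_RE = re.compile(r"[A-Za-z0-9_']{1,32}")

def make_db():
    """Build an in-memory table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2"), ("o'brien", "pw")])
    return conn

def valid_name(name):
    """Input check (regex + length limit): a second layer, not the main defense."""
    return NAME_RE.fullmatch(name) is not None

def login_concat(conn, name, password):
    """Dynamic assembly: the input is spliced into the SQL text (vulnerable)."""
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(sql)]

def login_param(conn, name, password):
    """Parameterized SQL: the input is bound as data and never parsed as SQL."""
    if not valid_name(name):
        return []
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (name, password))]

if __name__ == "__main__":
    conn = make_db()
    crafted = "' OR '1'='1"  # constructed input containing single quotes
    # Spliced query: the quotes change the WHERE clause, so every row matches.
    print("concat:", login_concat(conn, "alice", crafted))
    # Bound query: the same text is only compared as a password, so no row matches.
    print("param: ", login_param(conn, "alice", crafted))
    # A legitimate name with an apostrophe works when bound...
    print("param: ", login_param(conn, "o'brien", "pw"))
    # ...but breaks the spliced query with a syntax error.
    try:
        login_concat(conn, "o'brien", "pw")
    except sqlite3.OperationalError as exc:
        print("concat error:", exc)
```

The apostrophe case shows why parameterization is the primary fix: it keeps legitimate input working, while quote handling alone depends on getting every conversion right.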

4. What is the difference between get and post in http protocol?
Analysis: Both get and post submit data to the server, and both obtain data from the server.
Differences:

  • Transmission method: get is transmitted through the address bar, and post is transmitted through the message.
  • Transmission length: The get parameter is limited in length (limited by the url length), while the post is unlimited.
  • Security: The security of get is very low, and the security of post is higher, but the execution efficiency of post is higher than that of get.
  • get generates one TCP packet and post generates two TCP packets. For get, the browser sends the header and data together, and the server responds with 200 (returning data). For post, the browser first sends the header and the server responds with 100 Continue, then the browser sends the data and the server responds with 200 (returning data). Therefore, get is more efficient than post, but it is unsafe and must be used with caution.

Summary:
Learning is a long accumulation process. When you encounter problems, summarize more and think more.

Origin blog.csdn.net/weixin_40307206/article/details/102473304