
What is SQL injection

2025-02-24 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)05/31 Report--

This article explains what SQL injection is. The editor finds it very practical and shares it here as a reference; follow along to have a look.

1. What is SQL injection?

SQL injection is an attack that adds SQL code to input parameters, which are then passed to the SQL server to be parsed and executed.

2. How does it come about?

Web developers cannot guarantee that all input has been filtered

Attackers use input data sent to the Sql server to construct executable Sql code

The database has not been configured for security.

3. How to find SQL injection vulnerabilities?

Identify all input points in the web application

Know which types of requests trigger exceptions (special characters such as " or ')

Detect anomalies in the server response

4. How to conduct SQL injection attacks?

Numeric injection:

Select * from tablename where id=1 or 1

String injection:

Comment syntax of MySQL:

Everything after the # and -- signs is commented out, so the query succeeds no matter what password is entered.

5. How to prevent sql injection?

Strictly check the input format: is_numeric(var), or the validate verification of tp5. For string input, use a regular expression to check whether it is within [A-Za-z].

Escape: addslashes(str),

or escape with the mysqli_escape_string() function

6. Precompilation mechanism of MySQLi

Parameter binding

Parameter binding is another barrier against SQL injection. Both PHP MySQLi and PDO provide this feature. For example, MySQLi can query like this:

PDO is more convenient, such as:
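
An added example (not the article's own code) of the format check from step 5 and PDO parameter binding, shown next to the concatenated query they replace. It goes slightly beyond the PDO case by including a login lookup; the users table, its columns, the function names and the use of an in-memory SQLite database in place of MySQL are assumptions.

```php
<?php
// Added example: table, columns and function names are assumptions.
// In-memory SQLite stands in for MySQL so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pass_hash TEXT)');
// Constructed sample rows.
$ins = $pdo->prepare('INSERT INTO users (name, pass_hash) VALUES (?, ?)');
foreach ([['alice', 'pw-a'], ['bob', 'pw-b']] as [$n, $p]) {
    $ins->execute([$n, password_hash($p, PASSWORD_DEFAULT)]);
}

// Vulnerable: the input is concatenated, so "1 or 1" becomes part of the SQL.
function findUserUnsafe(PDO $pdo, string $id): array {
    return $pdo->query("SELECT id, name FROM users WHERE id=$id")
               ->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: strict format check first, then a bound integer parameter.
function findUserSafe(PDO $pdo, string $id): array {
    // ctype_digit is stricter than is_numeric, which also accepts "1e3".
    if (!ctype_digit($id)) { return []; }
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', (int)$id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Login with binding: the name is sent as data, so quotes and comment
// markers inside it are compared literally and never parsed as SQL.
function login(PDO $pdo, string $name, string $password): bool {
    $stmt = $pdo->prepare('SELECT pass_hash FROM users WHERE name = ?');
    $stmt->execute([$name]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($password, $hash);
}

$input = '1 or 1';   // constructed input, same shape as the numeric injection above
printf("unsafe rows: %d\n", count(findUserUnsafe($pdo, $input)));
printf("safe rows:   %d\n", count(findUserSafe($pdo, $input)));
printf("safe rows for '1': %d\n", count(findUserSafe($pdo, '1')));
var_dump(login($pdo, "alice' -- ", 'anything'));
var_dump(login($pdo, 'alice', 'pw-a'));
```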
