Shulou(Shulou.com)06/01 Report--

Prevent SQL injection

SQL injection: deceives the server to execute malicious SQL by passing parameters maliciously.

Select * from students where id=2 or 2 / 2; / / obtain full table data by making the where condition true.

Then guess the table name and make changes to the table.

1. Do not trust the input of client users, including form submit and get request parameter strings, which should be verified. Regular verification, limit the length of parameters, improve single and double quotation marks, and encrypt parameters.

2. Don't assemble SQL dynamically, use PreparedStatement.

3. Do not use root permissions for database links, but assign separate permissions to the application.

4. Key information is encrypted and stored.

5. The abnormal information returned to the front end should be packaged to prevent the system information from being exposed to the front end in the original exception.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.