Shulou(Shulou.com)05/31 Report--

This article mainly explains "what are the ways to prevent sql injection". The content of the article is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn "what are the ways to prevent sql injection"?

The ways to prevent SQL injection are as follows: when executing sql statements, use addslashes to convert sql statements, filter out some keywords in sql statements, and improve the naming skills of database tables and fields.

The cause of SQL injection

In the process of program development, we do not pay attention to standardizing the writing of sql statements and filtering special characters, so that the client can submit some sql statements through global variables POST and GET for normal execution.

Ways to prevent SQL injection

1. Enable the magic_quotes_gpc and magic_quotes_runtime settings in the configuration file

2. Use addslashes to convert sql statements when executing sql statements

3. Try not to omit double quotation marks and single quotation marks in Sql statement writing.

4. Filter out some keywords in the sql statement: update, insert, delete, select, *.

5. Improve the naming skills of database tables and fields, name some important fields according to the characteristics of the program, and choose those that are not easy to guess.

6. Set register_globals to off in the Php configuration file and turn off global variable registration

7. control the error message, do not output the error message on the browser, and write the error message to the log file.

8. Waf protection system can be used for protection.

SQL database lookup error log file path

Show variables like 'log_error'

In mysql databases, error logging is enabled by default. Also, the error log cannot be disabled. By default, the error log is stored in a data file in the mysql database. The name of the error log file is usually hostname.err. Where hostname represents the server hostname.

The error log information can be configured by itself, and the information recorded in the error log can be defined through log-error and log-warnings, where log-err defines whether the error log is enabled and where the error log is stored, and log-warnings defines whether warning information is also defined in the error log.

By default, the error log records the following information: information during server startup and shutdown (not necessarily error messages, such as how mysql starts InnoDB's tablespace file, how to initialize its own storage engine, etc.), error messages while the server is running, information generated when the event scheduler runs an event, and information generated when starting the server process from the server.

SQL database lookup log file path

Show variables like 'general_log_file'

Log is an important part of mysql database. The log file records the changes that occur during the operation of the mysql database; that is, it is used to record the client connection status of the mysql database, the execution of SQL statements, error messages, and so on. When the database is accidentally damaged, the cause of the file error can be seen through the log, and the data can be recovered through the log file.

SQL database slow query log file path

Show variables like 'slow_query_log_file'

Thank you for your reading, the above is the content of "what are the ways to prevent sql injection?" after the study of this article, I believe you have a deeper understanding of the way to prevent sql injection, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.