Add to Favorites | Login | Register
Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

About us Contact us

How to protect against SQL injection vulnerabilities

2025-02-28 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Database >

Share

Shulou(Shulou.com)06/01 Report--

How to protect against SQL injection vulnerabilities [199cloud-Ina]

1. SQL injection principle

The cause of the vulnerability is that the data entered by the user is executed by the SQL interpreter.

two。 Common classification of SQL injection types

Numeric-character type, regardless of the type of injection, the purpose of the attacker is only one thing, that is to bypass program restrictions, make the data entered by the user into the database for execution, and take advantage of the particularity of the database to obtain more information or greater permissions.

For example:

(1) after the page URL, enter: user_id=1' and 1, 1, order by 4 #

(2) load the page, pass the parameters of url to the background, and execute the SQL statement in the background as follows: SELECT first_name, last_name FROM users WHERE user_id ='1' and 1 order by 4 #'

(3) according to the SQL syntax, the # mark annotated the subsequent quotation marks. Order by is used to query the number of columns, when the number of fields exceeds the number of fields in the database, the database will return an error message, so you can use order by to guess the number of fields in the database. Therefore, if you are familiar with SQL statements, you can further write more statements to query the database, resulting in privacy data leakage.

Common use of database injection purposes:

(1) query data

(2) read and write documents

(3) execution of orders

[prevent SQL injection]

There is no good way for the database to filter SQL injection directly. Only responsible for executing the SQL statement and returning the relevant data according to the SQL statement.

So: to defend against SQL injection, you still have to start with the code.

According to the classification of SQL injection, defense is mainly divided into two types: data type judgment and special character escape.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Tag Search: Data database statement field type query input vulnerability special information background character common more user purpose page classification defense protection vpn macOS Linux MariaDB MySQL Docker Shulou Information Shulou Technology Shulou Tech Info OPPO Reno Redmi Xiaomi NVidia Microsoft Huawei Apple MariaDB Redmi Docker macOS Microsoft MySQL Linux vpn Xiaomi OPPO Reno Shulou Tech Info Shulou Technology Shulou Information NVidia Apple Huawei MariaDB Redmi Docker macOS Microsoft MySQL Linux vpn Xiaomi OPPO Reno Shulou Tech Info Shulou Technology Shulou Information NVidia Apple Huawei

Share To

Related

Database

More Database >

Latest Network Security More Network Security >

Latest Internet Technology More Internet Technology >

Latest Development More Development >

Latest Database More Database >

Latest Servers More Servers >

Latest Mobile Phone More Mobile Phone >

Latest Android Software More Android Software >

Latest Apple Software More Apple Software >

Latest Computer Software News More Computer Software News >

Latest IT Information More IT Information >

Wechat

About us Contact us Product review car news thenatureplanet

© 2024 shulou.com SLNews company. All rights reserved.

12
Report