How to take preventive measures by SQL injection 01/17 Update SLTechnology News&Howtos

How to take preventive measures by SQL injection

2025-01-17 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Database >

Shulou(Shulou.com)05/31 Report--

Editor to share with you how to do preventive measures of SQL injection, I believe that most people do not know much about it, so share this article for your reference, I hope you can learn a lot after reading this article, let's go to know it!

1. What is sql injection (Sql injection)?

Sql injection is an attack that adds sql code to the input parameters and passes it to the Sql server for parsing and execution.

two。 How did it come about?

Web developers cannot guarantee that all input has been filtered

Attackers use input data sent to the Sql server to construct executable Sql code

The database has not been configured for security.

3. How to find sql vulnerabilities?

Identify all input points in the web application

Know what types of requests trigger exceptions? (special characters "or')

Detect anomalies in the server response

4. How to conduct SQL injection attacks?

Digital injection:

Select * from tablename where id=1 or 1

String injection:

Annotation properties of Mysql:

The ones after the # and-- signs are commented out and can be queried correctly no matter what the password is entered. Please click here to enter a picture description

5. How to prevent sql injection?

Strictly check the input format: is_numeric (var), validate verification of tp5. String injection is regular to see whether it is between [A-Za-z].

Escape: addslashes (str),

Escape by mysqli_escape_string () function

Pre-compilation Mechanism of 6.MySQLi

Parametric binding

Parametric binding, another barrier to prevent SQL injection. Both php MySQLi and PDO provide this feature. For example, MySQLi can query like this:

PDO is more convenient, such as:

The above is all the contents of the article "how to take precautions by SQL injection". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.