Shulou(Shulou.com)06/01 Report--

This article mainly introduces the methods to prevent sql injection, the article is very detailed, has a certain reference value, interested friends must read it!

The ways to prevent SQL injection are as follows: when executing sql statements, use addslashes to convert sql statements, filter out some keywords in sql statements, and improve the naming skills of database tables and fields.

The cause of SQL injection

In the process of program development, we do not pay attention to standardizing the writing of sql statements and filtering special characters, so that the client can submit some sql statements through global variables POST and GET for normal execution.

Ways to prevent SQL injection

1. Enable the magic_quotes_gpc and magic_quotes_runtime settings in the configuration file

2. Use addslashes to convert sql statements when executing sql statements

3. Try not to omit double quotation marks and single quotation marks in Sql statement writing.

4. Filter out some keywords in the sql statement: update, insert, delete, select, *.

5. Improve the naming skills of database tables and fields, name some important fields according to the characteristics of the program, and choose those that are not easy to guess.

6. Set register_globals to off in the Php configuration file and turn off global variable registration

7. control the error message, do not output the error message on the browser, and write the error message to the log file.

8. Waf protection system can be used for protection.

The above are all the methods to prevent sql injection, thank you for reading! Hope to share the content to help you, more related knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.