Shulou(Shulou.com)05/31 Report--

This article shows you how to explain the sql injection code, which is concise and easy to understand, which will definitely brighten your eyes. I hope you can get something through the detailed introduction of this article.

The SQL query code for login authentication for a website is:

1strSQL = "SELECT * FROM users WHERE (name ='" + userName + "') and (pw ='" + passWord + ""); "

Malicious filling

2userName = "1'OR'1"

Vs.

3passWord = "1'OR'1"

Will cause the original SQL string to be filled as

4strSQL = "SELECT * FROM users WHERE (name ='1' OR'1') and (pw ='1' OR'1');"

That is, the SQL command that is actually run will look like this

5strSQL = "SELECT * FROM users;"

Therefore, if you do not have an account password, you can also log on to the website. So SQL is injected into the game of filling in the blanks, which is commonly known as *.

The above is how to explain the sql injection code. Have you learned the knowledge or skills? If you want to learn more skills or enrich your knowledge reserve, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.