how to prevent SQL Injection in c language?
I currently use c language to process the http event, and I need to do the SQL operation with mysql, then how to prevent the SQL injection, is th开发者_运维问答ere any c library for that,thank you?
SQL Injection Attacks and Some Tips on How to Prevent Them
The way you prevent SQL injection (or shell escape injection, etc.) is not passing unquoted literal strings to an interface that treats some characters as special. You need to transform string data to a safe quoted form before including it as part of a larger "command string" that will be interpreted by an SQL database, shell, external command, API that takes URI strings, etc.
精彩评论