SQL injection in SQL MATCH query
Is this query hackable using SQL injection?
SELECT count(*) FROM mytable_fts where mytable_fts match ?
Example:
SELECT count(*) FROM mytable_fts where mytable_fts match "a"
I tried using
SELECT count(*) FROM mytable_fts where mytable_fts match "a" OR 1==1
but it didn't work, as it is going in as the match parameter.
Can anybody give an example of SQL injection on this query?
SQL injection vulnerability has less to do with the query itself than with how the query is constructed. If you use query variables instead of string concatenation, you will be OK. If you use string concatenation, then any query with parameters is vulnerable.
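An added example, not part of the question or answer above, that shows the distinction the answer draws on an SQLite full-text table. It assumes a table named mytable_fts with one text column (here called body, an assumed name) created with whichever FTS module the local SQLite build offers, and uses a few constructed sample rows. Three ways of running the count query are compared: splicing the search term into the SQL text (vulnerable: a term containing a single quote breaks out of the string literal, so the SQL structure is at the user's mercy), binding the term with a ? placeholder (the term can no longer alter the SQL, which is why the "a" OR 1==1 attempt in the question simply became a search expression), and binding a term that has additionally been wrapped as an FTS phrase, which also stops MATCH's own operator syntax (OR, NOT, NEAR) from being interpreted in user input.

```python
import sqlite3

# Constructed sample documents; one deliberately contains an apostrophe.
DOCS = ["alpha beta", "O'Brien wrote a report", "gamma delta"]

COUNT_SQL = "SELECT count(*) FROM mytable_fts WHERE mytable_fts MATCH ?"


def make_demo_db():
    """Create an in-memory FTS table named mytable_fts (column name 'body' is assumed)."""
    conn = sqlite3.connect(":memory:")
    for module in ("fts5", "fts4", "fts3"):
        try:
            conn.execute(f"CREATE VIRTUAL TABLE mytable_fts USING {module}(body)")
            break
        except sqlite3.OperationalError:
            continue  # module not compiled into this SQLite build, try the next
    else:
        raise RuntimeError("this SQLite build has no FTS module")
    conn.executemany("INSERT INTO mytable_fts(body) VALUES (?)", [(d,) for d in DOCS])
    conn.commit()
    return conn


def count_matches_concat(conn, term):
    """VULNERABLE: the term is spliced into the SQL text, so a quote in the
    input ends the string literal and the rest of the input becomes SQL."""
    sql = "SELECT count(*) FROM mytable_fts WHERE mytable_fts MATCH '" + term + "'"
    return conn.execute(sql).fetchone()[0]


def count_matches_param(conn, term):
    """Bound parameter: the term is data, never SQL. It is still interpreted by
    the FTS MATCH mini-language, so operators like OR in the input take effect."""
    return conn.execute(COUNT_SQL, (term,)).fetchone()[0]


def fts_phrase(term):
    """Quote a user term as a single FTS phrase; inner double quotes are doubled."""
    return '"' + term.replace('"', '""') + '"'


def count_matches_param_phrase(conn, term):
    """Bound parameter plus phrase quoting: SQL-safe and FTS operators are literal text."""
    return conn.execute(COUNT_SQL, (fts_phrase(term),)).fetchone()[0]


def run_demo():
    """Run each variant on the sample table and collect the outcomes."""
    conn = make_demo_db()
    results = {
        "concat_a": count_matches_concat(conn, "a"),              # works for a benign term
        "param_a": count_matches_param(conn, "a"),                # same result, safely
        "phrase_obrien": count_matches_param_phrase(conn, "O'Brien"),
        "param_operator": count_matches_param(conn, "a OR beta"),  # OR acts as FTS operator
        "phrase_operator": count_matches_param_phrase(conn, "a OR beta"),  # literal phrase
    }
    try:
        # The apostrophe terminates the SQL string literal: the statement is no
        # longer the one the developer wrote, and SQLite rejects it.
        results["concat_obrien"] = count_matches_concat(conn, "O'Brien")
    except sqlite3.OperationalError as exc:
        results["concat_obrien"] = f"error: {exc}"
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name:16} {value}")
```

The failing concatenated query is the tell: once user input can change what SQLite parses, the outcome depends on the input rather than on the developer, which is exactly what the bound ? prevents. Phrase quoting is the second layer for the MATCH expression itself, since a bound parameter protects the SQL but not the FTS query syntax.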