开发者

What is SQL injection [closed]

It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center. Closed 12 years ago.

I want to know about SQL injection.

So,开发者_StackOverflow中文版 please help me.


Lots of information about SQL Injection on wikipedia, and xkcd has a very good example as well.

In general, if your application is using a SQL database, a SQL Injection attack is an attempt to use your program to pass dangerous values to the SQL database.

The best preventative measures are to never construct SQL strings without cleaning them up - the best way to do this is to use parameterized queries and widely used data access libraries.


Start here: google "sql injection".

You will see that there is plenty to read about it.

If you want to protect yourself against sql injection, you have to be a bit more specific, as the exact methods differ depending on the database and on the platform using the database.


It is the technique to manipulate the input to control your sql. Read more here is better for you Attacks by Example

Wiki


Couple of places to get started:

  1. OWASP: Lots of principals on secure web app design. Check the first entry of the Top 10 on injection
  2. Injection for .NET developers: Details on what it is and how to protect against it if you're working with .NET.


It allow a attacker to tamper with existing data, destroy the data or make it otherwise unavailable, and in short become administrators of the database server...

This attack involves injecting SQL commands in the query input thus effecting predefined SQL commands exection.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜