A further understanding of SQL injection

As a regular customer dealing with the database, will certainly involve the problem of SQL injection, before I briefly introduced this aspect of the problem, then the feeling is that if you do not make some restrictions on the input data, then your database is very dangerous, the small data is broken, the big system ran, Serious words if it is a big information or financial system will have unthinkable consequences, these days in the press release system, the teacher personally showed us the effect of SQL injection, but also let oneself have a deeper understanding of SQL injection, the following share their own SQL injection of re-understanding!

SQL injection is the fixed structure of SQL statements that try to get some field information in the database, which can result in unpredictable results. For example, our text box is a function to implement query information, then its SQL statement is select information from where * * *, then we enter the content corresponding to information, once we enter in the text box "') Delete * * ", then the real SQL statement in the database is select information ') Delete * * * FROM WHERE * * *.

The effect is as follows:

So the system will think of this as two SQL statements, which will result in the loss of information in the database, it can be said that this is a SQL Structured query statement of the drawbacks, so in order to avoid such problems, there is a study of SQL injection problem.

In order to avoid such problems, we often use the method of inserting parameters to solve, that is, there is no real or similar to the database field names exist, we pass in the system are parameters, which greatly reduces the risk of database corruption, but to maintain the security of the database is a comprehensive, grand topic, I also need more study and understanding, look forward to everyone's enlighten!

A further understanding of SQL injection