First, we will introduce what SQL injection is. The following is the definition I found on the Internet:
SQL injection is accessed from the normal WWW port, and it seems to be no different from the general web page access, so the current Municipal firewall does not alert SQL injection, if the Administrator does not check IIS logs, it may be invisible for a long time.
With the development of B/S application development, more and more programmers are writing applications using this mode. However, due to the low entry threshold in this industry, the programmer's level and experience are also uneven. A considerable number of programmers did not judge the legitimacy of user input data when writing code, application security risks. You can submit a piece of database query code and obtain the desired data based on the results returned by the program. This is called SQL injection, that is, SQL injection.
Now that you know the concept, let's take a look at how to prevent it. This is the key.
A simple way to prevent SQL injection is to filter strings and filter out SQL-related strings and some special characters.
The following are common strings:
String [] SQL _indata = {":", ";", ">", "<", "--", "SP _", "XP _","/", "dir", "cmd", "^", "(", ")", "+", "$", "'", "copy", "format ", "and", "EXEC", "insert", "select", "delete", "Update", "Count", "*", "%", "CHR ", "mid", "Master", "truncate", "char", "declare "};
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
