Example: suppose the password check is performed inside the database, by a query that compares the stored password with the text the user typed:
SELECT (Fpassword='123456') AS PwdCorrect FROM T_user WHERE FUser='GUEST'
If the password field is spliced into the statement as text and the user enters 1' OR '1'='1 as the password, the statement becomes:
SELECT (Fpassword='1' OR '1'='1') AS PwdCorrect FROM T_user WHERE FUser='ABC'
Because '1'='1' is always true, PwdCorrect is true for any stored password: this is a SQL injection vulnerability.
Workarounds:
①: Filtering sensitive characters and keywords (a blocklist; weak, because the match below is case-sensitive, so "Or" slips past it, and a legitimate password such as "fortress" is rejected):
String[] sensitive = {"or", "and", "select", "delete"};
for (String word : sensitive) {
    if (user.contains(word)) { System.out.println("there may be an injection exploit!"); }
}
② Using parameterized SQL statements (recommended): the user input is bound to a named parameter and is never parsed as part of the SQL text, so a quote or OR inside it cannot change the statement.
String user = textUser.getText();
String password = textPassword.getText();
Query query = createQuery("SELECT (Fpassword=:password) AS PwdCorrect FROM T_user WHERE FUser=:user");
query.setParameter("password", password);
query.setParameter("user", user);
// rs: the result row obtained by executing query
if (rs.getBool("PwdCorrect")) { // password is correct }
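The following is an added example, not code from the original page: it runs the page's password check against an in-memory SQLite table (the table contents are constructed here) three ways, with the spliced query, with the keyword blocklist of workaround ①, and with a parameterized query as in workaround ②, so the bypass and the false positive can be observed directly. The table and column names follow the page; the function names are this example's own.

```python
import sqlite3


def make_db():
    """Constructed sample data: one user table with a single account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE T_user (FUser TEXT PRIMARY KEY, Fpassword TEXT)")
    conn.execute("INSERT INTO T_user VALUES ('GUEST', '123456')")
    return conn


def check_password_vulnerable(conn, user, password):
    """The page's check with the input spliced into the SQL text.

    The password string becomes part of the statement, so a quote in it
    ends the literal and the remainder is parsed as SQL.
    """
    sql = ("SELECT (Fpassword='" + password + "') AS PwdCorrect "
           "FROM T_user WHERE FUser='" + user + "'")
    row = conn.execute(sql).fetchone()
    return row is not None and row[0] == 1


BLOCKLIST = ("or", "and", "select", "delete")


def keyword_filter_rejects(text):
    """Workaround ①: case-sensitive substring blocklist, exactly as written."""
    return any(word in text for word in BLOCKLIST)


def check_password_parameterized(conn, user, password):
    """Workaround ②: the values are bound as parameters and never parsed as SQL."""
    sql = "SELECT (Fpassword=?) AS PwdCorrect FROM T_user WHERE FUser=?"
    row = conn.execute(sql, (password, user)).fetchone()
    return row is not None and row[0] == 1


def demo():
    """Run the three checks on a correct password, a wrong one and injected inputs."""
    conn = make_db()
    injected = "1' OR '1'='1"        # the page's payload
    injected_case = "1' Or '1'='1"   # same payload, capitalised to dodge the blocklist
    return {
        "spliced, correct password": check_password_vulnerable(conn, "GUEST", "123456"),
        "spliced, wrong password": check_password_vulnerable(conn, "GUEST", "wrong"),
        "spliced, injected": check_password_vulnerable(conn, "GUEST", injected),
        "spliced, injected (Or)": check_password_vulnerable(conn, "GUEST", injected_case),
        "filter rejects injected": keyword_filter_rejects(injected.lower()),
        "filter rejects injected (Or)": keyword_filter_rejects(injected_case),
        "filter rejects 'fortress'": keyword_filter_rejects("fortress"),
        "parameterized, correct password": check_password_parameterized(conn, "GUEST", "123456"),
        "parameterized, injected": check_password_parameterized(conn, "GUEST", injected),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The spliced check accepts the injected password for GUEST, and accepting it with "Or" instead of "OR" shows why the blocklist does not help: SQL keywords are case-insensitive, the filter is not. The parameterized check compares the whole injected string against the stored password and correctly returns false.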
Injection vulnerability in "sharing" SQL