SQL injection in layman's

Source: Internet
Author: User

Text: SQL injection in layman's language

before doing the student information management system and the computer room charge system,forSQLthe problem of injection is already commonplace,but there's no real, vivid understanding of the image.SQLWhat the hell is injected?.It was not until this time that the beef brisket was under the teacher's example.,I understand.SQLIt's really dangerous to inject..

Questions raised:

Let's start by constructing a simple program to add news categories, add a TextBox control to a Dynamic Web page, a Button control, a GridView control. The layout looks like this:


Then write code for the control as follows:

First Look SQLHelper class to perform the SQL function of the statement

<span style= "FONT-SIZE:18PX;" >public int ExecuteNonQuery (String sql)        {            int res;            Try            {                cmd = new SqlCommand (Sql,getconn ());                res = cmd. ExecuteNonQuery ();            }            catch (Exception ex)            {                throw ex;            }            Finally {                if (conn. State ==connectionstate.open)                {                    Conn. Close ();                }            }            return res;        } </span>

then the function used to insert the data Insert

<span style= "FONT-SIZE:18PX;" > Public bool Insert (string caname)        {            BOOL flag = FALSE;            String sql = "Insert intocategory (name) VALUES ('" +caname + "')";            int res =sqlhelper. ExecuteNonQuery (SQL);            if (res > 0)            {                flag = true;            }            return flag;        } </span>

Finally, the Click event code that writes the button in the page code

<span style= "FONT-SIZE:18PX;" > protected void Button1_Click (Object Sender,eventargs e)        {            string caname = TextBox1.Text;            BOOL B = Newcategorydao (). Insert (caname);            Response.Write (b);            Gridview1.datasource = Newcategorydao (). SelectAll ();            Gridview1.databind ();        } </span>

After debugging no problem, run the program, the results such as


when we enter "anecdote" in the input box Delete category where id=5--"After clicking the button, the result is as follows:


when I saw this result, I was shocked, so easy to delete the data in the database? What is this for? We extract the SQL statements from the code and put the input into it to analyze the reasons, such as

It's just SQL injection of a simple example, there are many forms of SQL injected. As long as you can get your database table name (for the master, this so Easy), and your code is not security optimization, then I can arbitrarily change or even delete your data, above just delete a record, if the statement to change the Delete Category , then the entire table of data will be emptied, the consequences are very serious ah.

Solution:

one way is to parameterize the input content, and the original stitching SQL The statement becomes the way to SQL the arguments passed in the statement. Specifically, the insert function is modified, and the corresponding function in the SQLHelper class is also rewritten, the code is as follows:

First look at how the SqlHelper function is rewritten:

<span style= "FONT-SIZE:18PX;" >public int ExecuteNonQuery (String sql, SqlParameter [] paras)        {            int res;            using (cmd =new SqlCommand (SQL, Getconn ()))            {                cmd. Parameters.addrange (paras);                Res =cmd. ExecuteNonQuery ();            }            return res;        } </span>
then the optimization code for the Insert function:

<span style= "FONT-SIZE:18PX;" > Public bool Insert (string caname)        {            BOOL flag = FALSE;            String sql = "INSERT into category (name) VALUES (@caName)";            Sqlparameter[] Paras = new sqlparameter[]{                new SqlParameter ("@caName", CAName)            };            int res = SqlHelper. ExecuteNonQuery (SQL, paras);            if (res > 0)            {                flag = true;            }            return flag;        } </span>
after optimization debugging no problem, run the program, the results are as follows:

What happens when we enter " anecdote " in the input box, Delete category where id=2--"and then click the button? Please see:

Until now, I believe you have an intuitive understanding and understanding of SQL injection, when doing the system just know in the input box to enter an odd number of single quotation marks in the English state, will make your system error or even die, do not know that you can also by stitching SQL statements on the internal database operation, Therefore, the harm of SQL injection is not so profound understanding, now finally understand the original problem is very serious ah!




SQL injection in layman's

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.