Home > Others

SQL injection principles and examples

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >
  • Introduction

With the development of B/s pattern application development, more and more programmers use this model to write applications. However, due to the lack of entry threshold in this industry, the level and experience of programmers is also uneven, a large part of the programmer in writing code, the user does not judge the legality of input data, so that the application has a security risk. The user can submit a database query code, according to the results returned by the program, to obtain some of the data he wants to know, this is called SQL injection, that is, SQL injection.

SQL injection is accessed from the normal WWW port, and the surface seems to be no different from the General Web page access, so the current firewall in the market does not alert SQL injection, if the administrator does not view the IIS log habits, may be invaded for a long time will not be detected. However, the approach of SQL injection is quite flexible, and there are many unexpected situations when injected. Can analyze according to the specific situation, constructs the ingenious SQL statement, thus obtains the desired data successfully, is the master and "rookie" the fundamental difference.

According to national conditions, the domestic website with asp+access or SQL Server accounted for more than 70%, php+mysq accounted for 20%, the other less than 10%. In this article, we from the sub-entry, advanced to high-level to explain the ASP injection methods and techniques, PHP injection of the article by the NB Alliance, another friend Zwell wrote, hoping to be useful to security workers and programmers. Learn about ASP injection friends also do not skip the introductory article, because some people to inject the basic judgment method still has the misunderstanding. Are you ready for the job? Lets Go ...

  • Introductory article

If you haven't tried SQL injection before, the first step is to get the IE menu + tools = + Internet options + advanced + Show friendly HTTP error message before the tick is removed. Otherwise, IE will only appear as an HTTP 500 server error, and no more prompts will be available, regardless of what error the server returns.

The first section, SQL injection principle

SQL injection principles and examples

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
sql injection attacks and defense what sql injection and prevent sql injection to get username and password sql injection username and password example pl sql procedures and functions examples information security principles and practice computer security principles and practice

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More