I don't think MySQL anti-injection is necessary?
Recently, I have been studying SQL Injection Prevention to escape some special characters entered by users. I don't think this is necessary.
When a user logs in, I only allow numbers, letters, and underscores. If a special character appears, I am prompted that it is not correct.
Is that right?
------ Solution --------------------
Are you restricted on the client or on the server?
------ Solution --------------------
What else do we do to prevent injection?
------ Solution --------------------
Reference:
Of course, this is my idea. I don't know if there are any drawbacks.
Is the original poster optimistic about it recently?
------ Solution --------------------
Many advanced systems can be cracked if they want. We just need to prevent novices from breaking through. Others
------ Solution --------------------
People who want to destroy your program will certainly not use your page as normal people do. They can bypass your input box, for example by operating directly in the address bar. When there is a gap, it will allow others to inject...
------ Solution --------------------
Only numbers, letters, and underscores are allowed.
If so, there is no database injection.
------ Solution --------------------
SQL injection is not only an input box, but also an input parameter in the address bar.
------ Solution --------------------
Reference:
Many advanced systems can be cracked if they want. We just need to prevent novices from breaking through. Others
Basically agree.
------ Solution --------------------
Reference:
Quote: reference:
Are you restricted on the client or on the server?
On the server side, if the PHP regular expression finds a character that I do not allow, the system will directly prompt that there are special characters, and there will be no dql or chance to inject these special characters.
Since it is server-side verification, as long as the verification is in place, it should be okay ~~~
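An added example, not part of the original thread and not any poster's code: the server-side allowlist described above combined with prepared statements, which also cover inputs the username rule cannot (a password, an e-mail address, a parameter taken from the address bar). It assumes PDO with the pdo_sqlite extension; in-memory SQLite stands in for MySQL, and the table, function names and sample values are constructed.

```php
<?php
// Added example; table, function names and sample values are constructed.
// In-memory SQLite stands in for MySQL so the script runs offline
// (assumes the pdo_sqlite extension); with MySQL only the DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (name TEXT PRIMARY KEY, email TEXT, pw_hash TEXT)');

// The rule from the thread: letters, digits and underscore only.
// \A and \z anchor the whole string; a bare $ also accepts a trailing newline.
function valid_username(string $name): bool
{
    return preg_match('/\A[A-Za-z0-9_]{1,32}\z/', $name) === 1;
}

function add_user(PDO $pdo, string $name, string $email, string $password): void
{
    $stmt = $pdo->prepare('INSERT INTO users (name, email, pw_hash) VALUES (?, ?, ?)');
    $stmt->execute([$name, $email, password_hash($password, PASSWORD_DEFAULT)]);
}

// Allowlist first, then a prepared statement. The password never enters the
// SQL text, so it may contain any character.
function login(PDO $pdo, string $name, string $password): bool
{
    if (!valid_username($name)) {
        return false; // rejected before any query runs
    }
    $stmt = $pdo->prepare('SELECT pw_hash FROM users WHERE name = ?');
    $stmt->execute([$name]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

// A field the username rule cannot cover: valid e-mail addresses contain
// '@', '.' and sometimes an apostrophe. The placeholder keeps the value as data.
function name_for_email(PDO $pdo, string $email): ?string
{
    $stmt = $pdo->prepare('SELECT name FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $name = $stmt->fetchColumn();
    return is_string($name) ? $name : null;
}

add_user($pdo, 'pat_obrien', "pat.o'brien@example.com", "it's a long passphrase");
var_dump(login($pdo, 'pat_obrien', "it's a long passphrase"));
var_dump(login($pdo, "pat o'brien", 'anything'));
var_dump(name_for_email($pdo, "pat.o'brien@example.com"));
```

The allowlist stays useful as input validation for the username, while the placeholders are what keep every other value out of the SQL text.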
------ Solution --------------------
Newbie passing
------ Solution --------------------
Anti-injection is already being performed when you judge the parameters.
------ Solution --------------------
Attention: many open-source systems in China can be injected at will, but they won't work like Drupal. They are completely database abstraction layers and cannot be injected.