Nature of SQL injection attacks

What I did not expect is that such old things can still run out to stir up the wind and rain, and cause such great damage. Article It is also said that there will be a "third wave" of injection attacks, which will be even more difficult to detect at that time. Even Microsoft's bosses have come out to clarify that they are irrelevant to Microsoft's technology and coding, for this reason, Microsoft has also released three detection software. How is this SQL Injection Attack Vulnerability caused?

As Microsoft said, it is because of the websiteProgramNot only ASP, Asp. net, including JSP, PHP, and other technologies. Not only access and SQL Server databases, but also Oracle and MySQL and other relational databases are affected, which has nothing to do with Microsoft. In fact, this problem exists not only in B/S-based systems or websites, but also in C/S-based systems, however, the characteristics of the C/S architecture make it impossible for the B/S system to have such a wide impact. So why is this problem caused by improper coding by developers? Let's analyze it in detail.

First, let's take a look at the following two SQL query statements:
Statement 1: Select * from news where newstype = 1
Statement 2: Select * from news where newstype = 1; drop table news
Statement 3: Select * from news where newstype = 'social news'
Statement 4: Select * from news where newstype = 'social news '; drop table news --'
We all know that statement 1 is used to query all records whose newstype field value is equal to 1 in the News table. The newstype field type is numeric, such as int, smaillint, tinyint, and float; statement 2 is actually two statements. The first statement serves the same purpose as statement 1, and the second statement deletes the news table in the database. The functions of Statement 3 and 4 are basically the same as those of Statement 1 and Statement 2. The difference is that the newstype field in statements 3 and 4 is of the limit type, for example: char, varchar, nvarchar, text, etc.

Whether in ASP or ASP. net or JSP or PHP, we generally use the "select * from news where newstype =" + v_newstype Method to Construct Statement 1, or "select * from news where newstype = '" + v_newstype + "'" To construct Statement 3. v_newstype is a variable. If the value of v_newstype is equal to 1, statement 1 is constructed. If v_newstype's value is equal to "social news", Statement 3 is constructed. However, unfortunately, if we ignore the v_newstype check, this method may also be used to construct Statement 2 or statement 4. For example, the value of v_newstype is "1; drop table News" or "social news"; drop table news --", if we neglect others to take advantage of it, it will cause huge losses to us. SQL injection attacks use our negligence. The root cause of SQL injection attacks is that improper coding by developers has no direct relationship with your platform, development tools, and system architecture.

since the SQL injection attack is caused by improper encoding by the encoding personnel, which encoding is appropriate will not be attacked by SQL Injection? We will continue to introduce it in the next article.