Haohappy
http://blog.csdn.net/Haohappy2004
SQL injection attacks are the most common means by which hackers attack websites. If your site doesn't use strict user input validation, it's very susceptible to SQL injection attacks. SQL injection attacks are typically implemented by submitting bad data or query statements to the site database, which is likely to expose, change, or delete records in the database. Let's talk about how SQL injection attacks are implemented and how to prevent them.
See this example:
supposed input
$name = "Ilia"; DELETE from users; ";
mysql_query ("SELECT * from users WHERE name= ' {$name} '");
It is clear that the last command executed by the database is:
SELECT * from users WHERE Name=ilia; DELETE from users
This has disastrous consequences for the database-all records have been deleted.
However, if the database you are using is MySQL, then fortunately, the mysql_query () function does not allow you to perform such operations directly (multiple statement operations cannot be done on a single line), so you can rest assured. If you are using a database that is SQLite or PostgreSQL to support such statements, then you will face extinction.
http://www.bkjia.com/PHPjc/318374.html www.bkjia.com true http://www.bkjia.com/PHPjc/318374.html techarticle haohappy http://blog.csdn.net/Haohappy2004 SQL injection attacks are the most common means of hacking attacks on websites. If your site does not use strict user input testing, then it is very easy to suffer ...