SQL injection attacks are the most common means by which hackers attack Web sites. If your site does not use strict user input validation, it is very vulnerable to SQL injection attacks. SQL injection attacks are usually implemented by submitting bad data or query statements to the site database, which can potentially expose, change, or delete records in the database. Let's talk about how SQL injection attacks are implemented and how to guard against them.
Look at this example:
supposed input
$name = "Ilia"; DELETE from users; ";
mysql_query ("SELECT * from users WHERE name= ' {$name} '");
Obviously, the last command for the database to execute is:
SELECT * from users WHERE Name=ilia; DELETE from users
This has disastrous consequences for the database-all records have been deleted.
However, if you use the database is MySQL, then fortunately, the mysql_query () function does not allow the direct execution of such operations (not a single line to do multiple statement operations), so you can rest assured. If you use a database that is SQLite or PostgreSQL, support such a statement, then you will face extinction.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
