Some questions about SQL injection. URL injection.
Source: Internet
Author: User
Some questions about SQL injection ... URL injection ....
Use some SQL injection tools to detect your own background ... Discovery display can inject. Want to ask for advice on how to prevent injection
All illegal characters have been filtered out in the form's detection .....
Now I don't know how to filter out illegal characters from the URL ...
Want to find out the URL injection principle and anti-injection method ...
How exactly did you submit the query from the address?
------Solution--------------------
Theoretically, as long as the incoming data is applied directly to the SQL instruction without processing, there is the possibility of SQL injection
How to evaluate the damage caused by SQL injection, it's a little more fastidious
1. PHP has taken steps to prevent SQL injection: Only one SQL command can be executed at a time. This broke the path of catastrophic damage by refactoring SQL instructions. (Additional delete, drop)
2. One exception is Mysqli_multi_query, which allows multiple instructions to be executed at once. The risks are borne by the users themselves.
3, only change the query conditions (constant set) does not constitute a threat, at most, the intruder has the rights of the webmaster, this can be resolved by first inserting a special name of the administrator. Exit the program whenever the user name is checked
4, or see the data should not appear in this column, but this does not affect the normal browsing of other users
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.