SQL injection principle
is by inserting a SQL command into a Web form to submit or entering a query string for a domain name or page request, eventually reaching a malicious SQL command that deceives the server.
In general there are the following points:
1. Never trust the user's input, to verify the user's input, you can use regular expressions, or limit the length, the single quotation mark and the double "-" to convert, and so on.
2. Never use dynamically assembled SQL, either using parameterized SQL or directly using stored procedures for data query access.
3. Never use a database connection with administrator rights, and use a separate limited database connection for each app.
4. Do not store confidential information in plaintext, please encrypt or hash out the password and sensitive information.
The 11th day of the daily theme of love-creating classroom common web security and protection principles