  • How to Identify User & Password of Database Safely in an SQL Statement?

    Problem description:
    Many developers don't pay much attention to password verification. When logging in to the database server, they just write something like this:
        sql = "select * from user where username='" + username + "' and password='" + password + "'";

    This SQL statement is very dangerous, or useless, when someone logs in with a special username, for example by setting username to hacker' or '1'='1. The identifying condition then becomes the following:
      username='hacker' or '1'='1' and password='*******'
    We can see that this statement will always be true! That is the key issue!

    Problem solution:
    We must process the username and password variables whenever a client inputs their username and password. For example, we can re-encode the username and password to ignore or delete all special characters such as ', =, ...
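
    The login query above, run three ways against an in-memory SQLite table: concatenated as in the problem description, with special characters deleted as in the solution, and with bound parameters, a technique the post does not mention. This is an added example, not code from the original post; the function names and the table rows are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory table shaped like the post's `user` table (constructed rows)."""
    db = sqlite3.connect(":memory:")
    # Plaintext password column only mirrors the post's query.
    db.execute("CREATE TABLE user (username TEXT, password TEXT)")
    db.executemany("INSERT INTO user VALUES (?, ?)",
                   [("hacker", "s3cret"), ("o'brien", "pw")])
    return db

def login_concat(db, username, password):
    """The post's query: input is pasted into the SQL text (vulnerable)."""
    sql = ("select * from user where username='" + username +
           "' and password='" + password + "'")
    return db.execute(sql).fetchall()

def strip_special(value):
    """The post's suggested fix: delete special characters such as ' and =."""
    return "".join(ch for ch in value if ch not in "'=")

def login_filtered(db, username, password):
    """Concatenated query, but built from filtered input."""
    return login_concat(db, strip_special(username), strip_special(password))

def login_bound(db, username, password):
    """Bound parameters: input is passed as data and never parsed as SQL."""
    sql = "select * from user where username = ? and password = ?"
    return db.execute(sql, (username, password)).fetchall()

if __name__ == "__main__":
    db = make_db()
    crafted = "hacker' or '1'='1"  # the special username from the post
    # AND binds tighter than OR, so the row named in the input matches
    # whatever password is supplied.
    print("concat,   crafted name:", login_concat(db, crafted, "wrong"))
    print("filtered, crafted name:", login_filtered(db, crafted, "wrong"))
    print("bound,    crafted name:", login_bound(db, crafted, "wrong"))
    # Deleting characters also changes legitimate names that contain them.
    print("filtered, o'brien:", login_filtered(db, "o'brien", "pw"))
    print("bound,    o'brien:", login_bound(db, "o'brien", "pw"))
```

    The filtered version rejects the crafted name but also locks out the legitimate user o'brien, while the bound version handles both inputs correctly.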

  • Original article: https://www.cnblogs.com/Winston/p/1027885.html