zoukankan      html  css  js  c++  java
  • How to Identify User&Password of DataBase safely in SQL statement?

    Problem description:
    for many developer, they don't care much about Passcode identity. when Logining into the database server ,they just write like this:
        sql="select * from user where username='"+username"' and password='"+password+"'

     as for this SQL statement is very dangerous or useless when someone use a special username to login ,just like set username as hacker' or '1'=1', and the identify statement will be the following:
      username='hacker' or '1'=1' and password=*******
    we can see that this statement will always be true!! that is key issue!!!

    Problem solution:
     we must make some deal with the variable username  and password when any client inputs their usename and password. for example ,we can re_encode the usename and password to ignore or delete all special character such as ',=,...

  • 相关阅读:
    伟大的微软,太智能了
    ASP.NET MVC中的统一化自定义异常处理
    去除无用的文件查找路径
    关于easyUI的一些js方法
    easyUI小技巧-纯干货
    easyui tree tabs
    ueditor初始化
    多图联动
    饼图tooltip
    配色
  • 原文地址:https://www.cnblogs.com/Winston/p/1027885.html
Copyright © 2011-2022 走看看