  • Ethical Hacking

    SQL INJECTION

    Preventing SQLi

    • Filtering input is not a reliable defense: filters can be bypassed.
    • Use a blacklist of SQL keywords? It can still be bypassed.
    • Use a whitelist? It has the same problem.

    -> Use parameterized statements, which keep the data separate from the SQL code.

    <?php
    // Attacker-controlled value from the form field (the sample used in these notes)
    $textbox1 = "admin' union select #";

    // Bad sample: the input is interpolated into the SQL text, so it becomes part of the query
    $sql = "SELECT * FROM accounts WHERE username = '$textbox1'";
    // Resulting query: SELECT * FROM accounts WHERE username = 'admin' union select #'
    // The # starts a comment, so the closing quote is ignored and the injected SQL runs.

    // Safe: a prepared statement; $pdo is an already-opened PDO connection
    $stmt = $pdo->prepare("SELECT * FROM accounts WHERE username = ?");
    $stmt->execute(array($textbox1));
    // The query text sent to the server is still: SELECT * FROM accounts WHERE username = ?
    // and the value "admin' union select #" is bound as data, compared against the column
    // and never parsed as SQL.
    ?>
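The following is an added, runnable example (not code from the original notes) showing the parameterized lookup end to end. It uses an in-memory SQLite database through PDO with a few constructed sample rows, so it runs offline; the function name `findAccount` and the sample usernames are assumptions. It demonstrates that the injection payload from the notes is treated as a plain username and matches nothing, while a legitimate username containing a quote still matches, which is something a blacklist filter would break.

```php
<?php
// Added example: parameterized query with PDO against a constructed in-memory database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample schema and rows (not real accounts)
$pdo->exec('CREATE TABLE accounts (id INTEGER PRIMARY KEY, username TEXT NOT NULL, password_hash TEXT NOT NULL)');
$insert = $pdo->prepare('INSERT INTO accounts (username, password_hash) VALUES (?, ?)');
foreach (['admin', "o'brien", 'alice'] as $name) {
    // Even the INSERT is parameterized, so the name with a quote is stored correctly
    $insert->execute([$name, password_hash('sample-password', PASSWORD_DEFAULT)]);
}

// Look up an account by username. The placeholder is bound at execute time, so the
// input can only ever be compared as a value, never interpreted as SQL syntax.
function findAccount(PDO $pdo, string $username): ?array
{
    $stmt = $pdo->prepare('SELECT id, username FROM accounts WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Inputs as they would arrive from the login form (constructed here; in a real app
// this would be something like $_POST['username'] with no other processing needed).
$inputs = [
    'admin',                  // normal login name
    "admin' union select #",  // the payload from the notes, now just a string
    "o'brien",                // legitimate name containing a quote
];

foreach ($inputs as $textbox1) {
    $account = findAccount($pdo, $textbox1);
    printf("%-28s -> %s\n", var_export($textbox1, true),
        $account === null ? 'no such account' : 'matched account id ' . $account['id']);
}
```

Running this prints one line per input: `'admin'` matches id 1, the union payload matches nothing, and `'o\'brien'` matches id 2. The point to take from it is that no escaping or keyword filtering was needed anywhere; the separation between query text and bound values is what makes the lookup safe.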
    Original source: https://www.cnblogs.com/keepmoving1113/p/12288767.html