With the development of B / S mode application development, programmers who use this model to write applications have become more and more. However, due to the level and experience of the programmer, a considerable number of programmers do not judge the legality of the user input data when writing code, so that the application has security hazards. Users can submit a database query code, obtain certain data he wants, which is the so-called SQL Injection, ie SQL Injection, is SQL Injection, which is the so-called SQL Injection, which is SQL Injection. SQL injection is accessed from normal WWW port, and the surface looks with the general web page access, there is no difference in web page access, so the current market firewall will not issue an alert to SQL injection. If the administrator does not view the habit of IIS logs, it may be invaded Will not find out for a long time. However, the technique of SQL injection is quite flexible, and there will be many unexpected situations when injected. Can you analyze and construct a smart SQL statement according to the specific situation, thereby successfully acquired the desired data.
