Prevent SQL Injection Attack

xiaoxiao2021-03-06  79

A SQL injection attack exploits a design flaw in the application to run SQL commands of the attacker's choosing on the target server. The main cause is that the application dynamically builds its SQL command from user input without verifying that input. For example: if your query statement is select * from admin where username='"& user &"' and password='"& pwd &"' and I enter the user name 1' or '1'='1, your query statement becomes select * from admin where username='1' or '1'='1' and password='"& pwd &"'. This condition passes, so the attacker can enter your management interface. Therefore the user's input must be checked, and special characters such as single quotes, double quotes, semicolons, commas, colons and hyphens must be converted (escaped) or filtered.

Special characters and strings that need to be filtered include: net user, xp_cmdshell, /add, exec, master.dbo.xp_cmdshell, net localgroup administrators, select, count, asc, char, mid, ' (single quote), : (colon), " (double quote), insert, delete from, drop table, update, truncate, from, %. Below are two pieces of anti-injection code I wrote, for everyone to learn from and reference. JS version of the anti-SQL injection attack code: [code start]
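As an added example (my own JavaScript, not the author's code and not part of the original post), the following rebuilds the concatenated query from the example above, checks input against the post's filter list, and applies the single-quote conversion; the function names and sample inputs are assumptions.

```javascript
// Added example, not the author's code. Function names and sample inputs are assumptions.

// Builds the query the same way the post's ASP snippet does: by string concatenation.
function buildConcatenatedQuery(user, pwd) {
  return "select * from admin where username='" + user +
         "' and password='" + pwd + "'";
}

// The special characters and strings the post says must be filtered, checked in order.
const BLOCKED_PATTERNS = [
  "net user", "xp_cmdshell", "/add", "exec", "master.dbo.xp_cmdshell",
  "net localgroup administrators", "select", "count", "asc", "char", "mid",
  "'", ":", "\"", "insert", "delete from", "drop table", "update",
  "truncate", "from", "%",
];

// Returns the first blocked pattern found in the input (case-insensitive), or null.
function findInjectionPattern(input) {
  const lowered = String(input).toLowerCase();
  for (const pattern of BLOCKED_PATTERNS) {
    if (lowered.includes(pattern)) {
      return pattern;
    }
  }
  return null;
}

// The "conversion" alternative: doubling each single quote so user input can never
// close the string literal that the query wraps it in.
function escapeSingleQuotes(input) {
  return String(input).replace(/'/g, "''");
}

// Worked run with the post's own payload (constructed input).
function demo() {
  const payload = "1' or '1'='1";
  return {
    injected: buildConcatenatedQuery(payload, "secret"),
    blockedBy: findInjectionPattern(payload),
    escaped: buildConcatenatedQuery(escapeSingleQuotes(payload), "secret"),
  };
}

console.log(demo());
```

Because the check is a plain substring match, legitimate input such as the name Pascal is also rejected (it contains asc), which is the usual cost of keyword blocklists. Escaping, or better a database API with bound parameters, avoids that trade-off.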