Monday, January 9, 2017

SQL Injection



A SQL injection attack obtains useful data by exploiting a database vulnerability.










' or 1=1--

For example, in some website programs the SQL then becomes:
select * from users where name='test' and password='' or 1=1--'


So you need to:
1. Validate input
2. Encrypt output, such as logs
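
The query shown above, reproduced as an added example (not code from the original post): a Python `sqlite3` sketch that builds the SQL by string concatenation and then with placeholders, so the difference in what the database returns is visible. The table contents, the function names and the use of parameterized queries as the fix are assumptions of this example, not something the post states.

```python
import sqlite3


def make_db():
    # Constructed sample data: an in-memory users table with two accounts.
    db = sqlite3.connect(":memory:")
    db.execute("create table users (name text, password text)")
    db.executemany(
        "insert into users values (?, ?)",
        [("test", "s3cret"), ("admin", "hunter2")],
    )
    return db


def login_concat(db, name, password):
    # Vulnerable form: user input is pasted into the SQL text, so a quote
    # in the input ends the string literal and the rest is parsed as SQL.
    sql = ("select * from users where name='" + name
           + "' and password='" + password + "'")
    return sql, db.execute(sql).fetchall()


def login_param(db, name, password):
    # Hardened form: placeholders send the input as data only; the SQL
    # text is fixed and cannot be altered by the values.
    sql = "select * from users where name=? and password=?"
    return db.execute(sql, (name, password)).fetchall()


if __name__ == "__main__":
    db = make_db()
    payload = "' or 1=1--"  # the input shown in the post

    sql, rows = login_concat(db, "test", payload)
    print(sql)              # same statement as in the post
    print(len(rows))        # every row matches because of "or 1=1"

    print(login_param(db, "test", payload))   # no row: payload is just a wrong password
    print(login_param(db, "test", "s3cret"))  # the real password still works
```
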
