SQL Injection is called the king of vulnerabilities , Is one of the most commonly used vulnerabilities , among PHP The greatest contribution in this regard

SQL Injection principle

User inserts malicious in parameters SQL sentence , Destroy the original SQL Grammatical structure , To perform the attacker's actions

SQL Injection point

Injection points can be divided into two categories : Digital type and character  

The character type can be subdivided into Single quote character , Double quotation mark character type , single / Double quotation mark + Character type of parentheses

Digital injection

SQL Statement splicing parameters , Direct splicing parameter itself , The format is as follows
SELECT * FROM users WHERE id=$id
Character injection

SQL Statement splicing parameters , A single quotation mark is wrapped around the parameter , Double quotation mark , Or parentheses

Single quote character : The argument is wrapped in single quotes , The format is as follows
SELECT * FROM users WHERE id='$id'
  Single quotation mark + Bracket character type : The argument is wrapped in single quotes and parentheses , The format is as follows
SELECT * FROM users WHERE id=('$id')
Double quotation mark + Bracket character type : The argument is wrapped in double quotes and parentheses , The format is as follows
$id = '"' . $id . '"'; SELECT * FROM users WHERE id=($id)
  These are not the only three types of character injection , SQL Single quotation marks can be used in statements , Double quotation mark , Bracket free splicing

 

Technology
©2019-2020 Toolsou All rights reserved,
【C++ Must see for entry 】C++ from 0 reach 1 Introductory programming axios Interceptor packaging and use Spring Boot Interview must ask : Automatic configuration principle VMware 16 install centos 7 Detailed tutorial C Language data structure - Sequence table delete duplicates V2.0.0 The 12th Blue Bridge Cup c++b Group personal problem solving On sending data from serial port single chip microcomputer to upper computer centos7 install RabbitMqjava Polymorphic array of opencv-python Fourier transform and inverse transform