Doing so makes the SQL easier to maintain and protects your application against SQL injection attacks.
In an SQL injection attack, a program builds an SQL command from untrusted input and sends it to an SQL interpreter, which executes whatever the input has turned the command into.
A SQL injection vulnerability occurs when a user is able to pass SQL code directly to the application in such a way that the code is executed as part of a query.
This attack works almost exactly like blind SQL injection, but, unlike SQL injection, few people know about XPath injection attacks or take precautions against them.
Also, by using static SQL, you reduce the opportunity for malicious injection, a well-known security issue with dynamic SQL.
Here is how an SQL injection works. First, assume an SQL statement accepts user-supplied data, with no input validation rules, to look up a team member's contact information in a database.
In addition, the more SQL that can be executed statically, the less opportunity there is for malicious injection, a well-known security issue with dynamic SQL.
SQL injection is a technique that enables an attacker to execute unauthorized SQL commands by taking advantage of unscrutinized input in applications that use that input to build dynamic SQL queries.
SQL injection is essentially the same problem as shell metacharacter injection, but with an SQL interpreter in place of the shell.
Like the last example, the page is ripe for SQL injection attacks because the executed SQL is constructed dynamically from a user-entered value.
Most developers have heard of a good example of an anti-pattern: the improper use of Structured Query Language (SQL) libraries that results in SQL injection attacks on Web sites.
If you're using SQL for your database transactions, you should read up on how to avoid SQL injection.
In this article, the author explains the principle and process of SQL injection attacks, and introduces in detail a series of interrelated measures for preventing SQL injection attacks at the level of the application code itself.
Parameterized commands guard against SQL injection attacks by guaranteeing that values received from an external source are passed only as values and never become part of the SQL statement text.
The main attack methods are: password vulnerability attacks, SQL Server extended stored procedure attacks, SQL injection, stealing backups, and so on.
Using parameterized commands helps guard against SQL injection attacks, in which an attacker "injects" a command into a SQL statement that compromises security on the server.
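The following is an added example, not code from the original page, illustrating both the team-member contact lookup built from unvalidated user input and the parameterized command that the later sentences recommend. It uses an in-memory SQLite database with constructed sample rows; the table names, column names, placeholder password hashes and the two attacker payloads are all assumptions made for this example.

```python
import sqlite3

# Constructed sample data for this example (not taken from the original page).
TEAM_MEMBERS = [
    ("alice", "alice@example.com", "+1-555-0100"),
    ("bob", "bob@example.com", "+1-555-0101"),
    ("carol", "carol@example.com", "+1-555-0102"),
]
# A second table the contact lookup was never meant to expose. The hashes are
# placeholder strings, not real password hashes.
CREDENTIALS = [
    ("alice", "fakehash-alice"),
    ("bob", "fakehash-bob"),
]

# Constructed attacker inputs (assumed payloads, shaped to fit the query below).
TAUTOLOGY_PAYLOAD = "' OR '1'='1"
UNION_PAYLOAD = "' UNION SELECT username, password_hash, '' FROM credentials --"


def make_db() -> sqlite3.Connection:
    """Build an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE team_members (username TEXT, email TEXT, phone TEXT)")
    conn.execute("CREATE TABLE credentials (username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO team_members VALUES (?, ?, ?)", TEAM_MEMBERS)
    conn.executemany("INSERT INTO credentials VALUES (?, ?)", CREDENTIALS)
    conn.commit()
    return conn


def lookup_contact_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Dynamic SQL: the user-supplied value is spliced into the statement text,
    so a quote, OR, UNION or -- in the input is read by the SQL interpreter as
    SQL rather than as data. This is the vulnerable form the page describes."""
    sql = (
        "SELECT username, email, phone FROM team_members "
        f"WHERE username = '{username}'"
    )
    return conn.execute(sql).fetchall()


def lookup_contact_parameterized(conn: sqlite3.Connection, username: str) -> list:
    """Parameterized command: the statement text is fixed and the value travels
    separately as a bound parameter, so it can only ever be compared as a string."""
    sql = "SELECT username, email, phone FROM team_members WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    for name, fn in (("vulnerable", lookup_contact_vulnerable),
                     ("parameterized", lookup_contact_parameterized)):
        for payload in ("alice", TAUTOLOGY_PAYLOAD, UNION_PAYLOAD):
            print(f"{name:13s} {payload!r:70s} -> {fn(conn, payload)}")
```

With the tautology payload the dynamic query's WHERE clause becomes `username = '' OR '1'='1'` and every team member is returned; with the UNION payload the contact lookup returns rows from the credentials table instead, and the trailing `--` comments out the closing quote the application appended. The parameterized version returns no rows for either payload, because the interpreter only ever sees the fixed statement plus a string to compare. Note that sqlite3's execute() refuses stacked statements, so a `'; DROP TABLE ...` payload is rejected here even though it would run on a driver that allows multiple statements per call; that is a property of this driver, not a defence the application can rely on.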