Prevent SQL injection in applications.
Know about SQL injection and how to prevent it.
This method removes the potential for an SQL injection attack.
This is an effective way to guard against malicious SQL injection.
To find the problem with any SQL injection, perform source code analysis.
SQL injection is still one of the most common types of injection flaw.
SQL injection attacks are a vulnerability that tends to hurt high-value sites.
SQL injection attacks can also be used to change data or damage the database.
Automatically escapes data saved to the database (to prevent SQL injection attacks).
This removes the need to do preparation at runtime and can reduce SQL injection risk.
In an SQL injection attack, a program creates an SQL command and sends it to an SQL interpreter.
In an SQL injection attack, Mallory finds a Web site that Alice has created to sell electronics.
Doing so makes the SQL easier to maintain and secures your application from SQL injection attacks.
If your application exclusively uses prepared statements, you can be sure that no SQL injection will occur.
Ruby on Rails has some clever helper methods, for example against SQL injection, so that this is hardly a problem.
Editable Data Validation - HDIV analyzes all editable fields to remove cross-site scripting and SQL injection attacks.
The SQL injection attack shown in Figure 3 resulted in the display of user names and passwords from the Users table.
Using the Hacme Casino site again, let's look at the vulnerability that WebScarab found: an SQL injection exploit at the login.
SQL injection is the second most popular vulnerability, primarily because of the growing dependence Web sites have on databases.
SQL injection is essentially the same problem as the shell meta-character one, but with an SQL interpreter instead of the shell.
Although this example demonstrates an SQL injection in its simplest form, you can see just how easy it is for an attacker to use.
Like the SQL injection attack, you can often easily deal with the threat if you follow best practices to develop secure applications.
Many intrusion vulnerabilities such as SQL injection, CSRF, and XSS are preventable using a comprehensive input-validation framework.
In addition to the overflow exploits, SQL injection is one other type of attack that relies on developer oversight by not testing incoming data.
By supporting parameterized statements, you exploit the advanced features provided by these, like access path reuse and SQL injection prevention.
Like the last example, the page is ripe for SQL injection attacks because the executed SQL is constructed dynamically from a user-entered value.
Max shows in this use case that Flume tackles problems well beyond known vulnerability types (buffer overrun, cross-site scripting and SQL injection).
Cross-site scripting (XSS) and SQL Injection are considered the weakest points in software, while the buffer overflow comes third, according to CWE.
An attacker may use directory traversal and cross-site scripting during a scan phase and then hit it with an SQL injection or an RFI in the exploit phase.
While not directly related to SQL injection attacks, BestLogin.aspx demonstrates another security best practice: the encryption of connection strings.