攻击者将其恶意输入注入到sql语句中,以修改查询语句的逻辑。
The attacker injects his malicious inputs to the SQL statement to change the query's logic.
下面是SQL注入的工作方式:首先,假设一条sql语句接受用户提供的数据,没有输入确认规则就可在数据库中查找团队成员的联系信息。
Here is how an SQL injection works: First, assume an SQL statement accepts user-supplied data to look up a team member's contact information from a database without input validation rules.
除了溢出的利用以外,SQL注入是另一类依赖于开发人员没测试输入数据的疏漏的攻击。
In addition to the overflow exploits, SQL injection is one other type of attack that relies on developer oversight by not testing incoming data.
应用推荐