We've already covered one common mistake, buffer overflows, in a previous column (see Resources for links to previous installments of Secure programmer).
Attackers can deliberately craft their input so that it escapes out of quoting, and chain an arbitrary query on the end of the one you had intended to run.