Is blocking query commands enough to prevent SQL injection?

This question already has an answer here:

  • How does the SQL injection from the “Bobby Tables” XKCD comic work? 12 answers

  • You don't have to ban all SQL commands from your inputs, you just need to make sure they are only ever treated as free text so that they cannot be accidentally executed as a command.

    This is probably a good place to start:

    https://en.wikipedia.org/wiki/SQL_injection
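
The point made in the answer above, as an added example that is not part of the original post: a keyword blocklist is compared with a parameterized query, using Python's standard `sqlite3` module. The `users` table, the blocklist contents, the function names and all sample rows and inputs are constructed assumptions for illustration.

```python
import sqlite3

# Hypothetical blocklist of "query commands", the approach the question asks about.
BLOCKED = ("select", "insert", "update", "delete", "drop", "union")

def passes_blocklist(text):
    """Return True when the input contains none of the blocked keywords."""
    lowered = text.lower()
    return not any(word in lowered for word in BLOCKED)

def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "alice@example.test"), ("bob", "bob@example.test")])
    return db

def lookup_concatenated(db, name):
    """Before: input is spliced into the SQL text, so it can change the query."""
    if not passes_blocklist(name):
        raise ValueError("blocked keyword in input")
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, name):
    """After: input is bound as a value and is only ever compared as text."""
    return db.execute("SELECT email FROM users WHERE name = ?", (name,)).fetchall()

def store_and_read_back(db, name, email):
    """Parameterized insert: text that looks like SQL is stored verbatim."""
    db.execute("INSERT INTO users VALUES (?, ?)", (name, email))
    return lookup_parameterized(db, name)

if __name__ == "__main__":
    db = make_db()
    tautology = "x' OR 'a'='a"  # constructed input containing no blocked keyword
    print(passes_blocklist(tautology))           # the blocklist lets it through
    print(lookup_concatenated(db, tautology))    # every row is returned
    print(lookup_parameterized(db, tautology))   # no user has that literal name
    print(passes_blocklist("Robert Updateson"))  # a legitimate name is rejected
    # The name from the XKCD comic is just a string when bound as a parameter.
    print(store_and_read_back(db, "Robert'); DROP TABLE Students;--", "bt@example.test"))
```

The blocklist both misses an input that rewrites the query and rejects a harmless name, while the parameterized form needs no filtering at all.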
