如何解决插入数据以避免此错误 [英] How to solve the insert data avoiding this error
问题描述
我有一个表列名称是用户名和电子邮件插入表
asp.net web应用程序使用假设任何一个给出这种类型的输入抛出运行时错误如何解决
用户名:len'
电邮:lenin@gmail.com
用户名使用(')抛出错误
我该怎么办
我尝试了什么:
i只给出了验证字符,但我需要更多关于这个问题的知识
这是因为'(单曲)而发生的。
您需要了解SQL注入防止SQL注入攻击 [ ^ ]
和参数化查询使用参数化查询来防止SQL Server中的SQL注入攻击 [ ^ ]
我希望这能解决你的问题。
引用:我该怎么办
发布asp代码。
这个错误闻起来像是sql注入问题。
永远不会构建通过连接字符串进行SQL查询。迟早,您将使用用户输入来执行此操作,这会打开一个名为SQL注入的漏洞,这对您的数据库很容易并且容易出错。
名称中的单引号你的程序崩溃。如果用户输入像Brian O'Conner这样的名称可能会使您的应用程序崩溃,那么这是一个SQL注入漏洞,崩溃是最少的问题,恶意用户输入,并且它被提升为具有所有凭据的SQL命令。
SQL注入 - 维基百科 [ ^ ]
SQL注入 [ ^ ]
按示例进行SQL注入攻击 [ ^ ]
PHP:SQL注入 - 手册 [ ^ ]
SQL注入预防备忘单 - OWASP [ ^ ]
i have one table column name are username and email insert table
asp.net web application using suppose any one giving this type of input throw run time error how to solve
user name : len'
email : lenin@gmail.com
user name using (') throw error
what can i do
What I have tried:
i give validation only getting characters only but i need more idea about this problem
Hi,
this happen because of '(single quot).
you need to know about SQL injection Preventing SQL Injection Attacks[^]
and parameterized queries Using Parameterized queries to prevent SQL Injection Attacks in SQL Server[^]
I hope this will solve your problem.
Quote:what can i do
Post asp code.
This error smells like an "sql injection" problem.
Never build an SQL query by concatenating strings. Sooner or later, you will do it with user inputs, and this opens door to a vulnerability named "SQL injection", it is dangerous for your database and error prone.
A single quote in a name and your program crash. If a user input a name like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability, and the crash is the least of the problems, a malicious user input and it is promoted to SQL commands with all credentials.
SQL injection - Wikipedia[^]
SQL Injection[^]
SQL Injection Attacks by Example[^]
PHP: SQL Injection - Manual[^]
SQL Injection Prevention Cheat Sheet - OWASP[^]
这篇关于如何解决插入数据以避免此错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
