SQL INJECTION需要一个解决方案 [英] Need a Solution For SQL INJECTION

问题描述

我的数据库受到了Sql Injetion的攻击。它解决了很多问题。

请告诉我如何停止Sql Injection攻击。

谢谢！..

My Database was attacked by Sql Injetion.It makes lot of problem.
please Tell me how to stop Sql Injection attacks.
Thanks!..

推荐答案

这是一个基本问题。你有没有先尝试谷歌？

以下是解决方案 -

http://msdn.microsoft.com/en-us/library/ff648339.aspx [ ^ ]

SQL注入攻击和一些关于如何防范它们的技巧 [ ^ ]

< a href =http://www.marcofolio.net/features/how_you_can_prevent_an_sql_injection.html> http://www.marcofolio.net/features/how_you_can_prevent_an_sql_injection.html [ ^ ]

和

更多信息 [ ^ ]

This is a basic question. Did you try google first ?
Here are the solutions-
http://msdn.microsoft.com/en-us/library/ff648339.aspx[^]
SQL Injection Attacks and Some Tips on How to Prevent Them[^]
http://www.marcofolio.net/features/how_you_can_prevent_an_sql_injection.html[^]
and
more here[^]

你需要确保你的输入被正确转义，最简单的方法是使用参数，在SO上看到这个问题：

http://stackoverflow.com/questions/654798 6 /如何防止-sql-injection-escaping-strings [ ^ ]



如需更深入的信息，请看看这个文章：

http://msdn.microsoft.com/en-us/ library / ff648339.aspx [ ^ ]

You need to make sure your input is properly escaped, and the easiest way is to use parameters, see this question on SO:
http://stackoverflow.com/questions/6547986/how-to-prevent-a-sql-injection-escaping-strings[^]

For a little more in depth information, check out this article:
http://msdn.microsoft.com/en-us/library/ff648339.aspx[^]

你应该开始使用存储过程，

你应该开始向存储过程发送参数....

看起来你没有使用sp'。

You should start using stored procedure,
and you should start sending parameters to your stored procedure....
It looks like you are not using sp''s.

这篇关于SQL INJECTION需要一个解决方案的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！