SQL INJECTION需要一个解决方案 [英] Need a Solution For SQL INJECTION
本文介绍了SQL INJECTION需要一个解决方案的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我的数据库受到了Sql Injetion的攻击。它解决了很多问题。
请告诉我如何停止Sql Injection攻击。
谢谢!..
My Database was attacked by Sql Injetion.It makes lot of problem.
please Tell me how to stop Sql Injection attacks.
Thanks!..
推荐答案
这是一个基本问题。你有没有先尝试谷歌?
以下是解决方案 -
http://msdn.microsoft.com/en-us/library/ff648339.aspx [ ^ ]
SQL注入攻击和一些关于如何防范它们的技巧 [ ^ ]
< a href =http://www.marcofolio.net/features/how_you_can_prevent_an_sql_injection.html> http://www.marcofolio.net/features/how_you_can_prevent_an_sql_injection.html [ ^ ]
和
更多信息 [ ^ ]
This is a basic question. Did you try google first ?
Here are the solutions-
http://msdn.microsoft.com/en-us/library/ff648339.aspx[^]
SQL Injection Attacks and Some Tips on How to Prevent Them[^]
http://www.marcofolio.net/features/how_you_can_prevent_an_sql_injection.html[^]
and
more here[^]
你需要确保你的输入被正确转义,最简单的方法是使用参数,在SO上看到这个问题:
http://stackoverflow.com/questions/654798 6 /如何防止-sql-injection-escaping-strings [ ^ ]
如需更深入的信息,请看看这个文章:
http://msdn.microsoft.com/en-us/ library / ff648339.aspx [ ^ ]
You need to make sure your input is properly escaped, and the easiest way is to use parameters, see this question on SO:
http://stackoverflow.com/questions/6547986/how-to-prevent-a-sql-injection-escaping-strings[^]
For a little more in depth information, check out this article:
http://msdn.microsoft.com/en-us/library/ff648339.aspx[^]
你应该开始使用存储过程,
你应该开始向存储过程发送参数....
看起来你没有使用sp'。
You should start using stored procedure,
and you should start sending parameters to your stored procedure....
It looks like you are not using sp''s.
这篇关于SQL INJECTION需要一个解决方案的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文