SQL注入测试 [英] SQL Injection test

问题描述

我有一个页面使用表单将邮政编码传递到另一个页面，我想要对SQL注入进行测试。什么是安全的（即没有

DELETING of data）声明试试，我将如何格式化以在表格中尝试

。

我把这个字段限制在10个字符，所以我知道我必须用更大的字段对它进行测试

因为黑客可以重写表格而且

使用lerger试图攻击的领域。


非常感谢提前


VoodooJai

I have a page the uses a form to pass a postcode to another page and I
want to test it against an SQL Injection. What would be a safe (i.e NO
DELETING of data ) statement to try and how would I format this to try
in the form.
I have limited the field to 10 chars so I know i would have to test it
with a larger field because a hacker could just rewrite the form and
use a lerger field for the attempted attack.

Many thanks in advance

VoodooJai

推荐答案

Voodoo Jai写道：

Voodoo Jai wrote:

我有一个页面使用表格将邮政编码传递到另一个页面而我

想要针对SQL注入进行测试。什么是安全的（即没有

DELETING of data）声明试试，我将如何格式化以在表格中尝试

。

我把这个字段限制在10个字符，所以我知道我必须用更大的字段对它进行测试

因为黑客可以重写表格而且

使用lerger尝试攻击的领域。


非常感谢提前


VoodooJai

I have a page the uses a form to pass a postcode to another page and I
want to test it against an SQL Injection. What would be a safe (i.e NO
DELETING of data ) statement to try and how would I format this to try
in the form.
I have limited the field to 10 chars so I know i would have to test it
with a larger field because a hacker could just rewrite the form and
use a lerger field for the attempted attack.

Many thanks in advance

VoodooJai

你需要针对黑客所做的事情进行测试 - 即删除。

你不应该在现场系统上进行测试 - 总是在

a开发系统上进行测试，备份数据库后。


-

==================

删除x来自我的电子邮件地址

Jerry Stuckle

JDS计算机培训公司
js ******* @ attglobal.net

==================

You need to test against the same things a hacker does - i.e. DELETE.
And you should NEVER be testing on a live system anyway - always test on
a development system, after backing up your databases.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

10月11日，1：27 * pm，Jerry Stuckle< jstuck ... @ attglobal.netwrote：

On Oct 11, 1:27*pm, Jerry Stuckle <jstuck...@attglobal.netwrote:

Voodoo Jai写道：

Voodoo Jai wrote:

我有一个页面使用表格将邮政编码传递到另一个页面而我

想要测试它反对SQL注入。什么是安全的（即没有

DELETING of data）声明试试，我将如何格式化以在表格中尝试

。

我把这个字段限制在10个字符，所以我知道我必须用更大的字段对它进行测试

因为黑客可以重写表格而且

使用lerger试图攻击的字段。

I have a page the uses a form to pass a postcode to another page and I
want to test it against an SQL Injection. What would be a safe (i.e NO
DELETING of data ) statement to try and how would I format this to try
in the form.
I have limited the field to 10 chars so I know i would have to test it
with a larger field because a hacker could just rewrite the form and
use a lerger field for the attempted attack.

非常感谢提前

Many thanks in advance

VoodooJai

VoodooJai

您需要针对黑客所做的事情进行测试 - 即删除。

并且您永远不应该在实时系统上进行测试 - 始终在<备份数据库后，
a开发系统。


-

============ ======

删除x来自我的电子邮件地址

Jerry Stuckle

JDS计算机培训公司

jstuck ... @ attglobal.net

==================

You need to test against the same things a hacker does - i.e. DELETE.
And you should NEVER be testing on a live system anyway - always test on
a development system, after backing up your databases.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstuck...@attglobal.net
==================

我已备份我的数据库但不知道要在表格，

有人可以给我看一个例子。

I have backed up my db but dont know the syntax to use in the form,
could someone show me an example.

10月11日，9：06 * am，Voodoo Jai< voodoo ... @ btinternet.comwrote：

On Oct 11, 9:06*am, Voodoo Jai <voodoo...@btinternet.comwrote:

10月11日，1：27 * pm，Jerry Stuckle< jstuck ... @ attglobal.netwrote：

On Oct 11, 1:27*pm, Jerry Stuckle <jstuck...@attglobal.netwrote:

Voodoo Jai写道：

Voodoo Jai wrote:

我有一个页面使用表单传递邮政编码到另一个页面我和/ b $ b想要针对SQL注入进行测试。什么是安全的（即没有

DELETING of data）声明试试，我将如何格式化以在表格中尝试

。

我把这个字段限制在10个字符，所以我知道我必须用更大的字段对它进行测试

因为黑客可以重写表格而且

使用lerger试图攻击的字段。

I have a page the uses a form to pass a postcode to another page and I
want to test it against an SQL Injection. What would be a safe (i.e NO
DELETING of data ) statement to try and how would I format this to try
in the form.
I have limited the field to 10 chars so I know i would have to test it
with a larger field because a hacker could just rewrite the form and
use a lerger field for the attempted attack.

非常感谢提前

Many thanks in advance

VoodooJai

VoodooJai

你需要对它进行测试黑客所做的事情 - 即删除。

你永远不应该在现场系统上进行测试 - 在备份你的数据库后，总是在

a开发系统上进行测试。

You need to test against the same things a hacker does - i.e. DELETE.
And you should NEVER be testing on a live system anyway - always test on
a development system, after backing up your databases.

-

==================

删除x来自我的电子邮件地址

Jerry Stuckle

JDS计算机培训公司

jstuck ... @ attglobal.net

==================

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstuck...@attglobal.net
==================

我已备份我的数据库但不知道要在表格，

有人可以给我看一个例子.-隐藏引用的文字 -


- 显示引用的文字 -

I have backed up my db but dont know the syntax to use in the form,
could someone show me an example.- Hide quoted text -

- Show quoted text -

我一直想成为那个说谷歌是你的朋友的人。使用

您的主题标题并谷歌。第一次点击包含测试工具

it（ http://www.zubrag.com/tools/sql-injection-test.php) ，大约

640,000其他点击量。

Bill H

I''ve always wanted to be the one that says google is your friend. Use
your subject title and google it. 1st hit contains tools for testing
it (http://www.zubrag.com/tools/sql-injection-test.php), with about
640,000 other hits also.

Bill H

这篇关于SQL注入测试的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！