SQL注入攻击讨论 [英] SQL Injection Attack Discussion

问题描述

由于我们正在讨论过滤器，因此请确保在任何直接进入SQL语句的输入中使用分号过滤器（至少），以防止整个数据库被删除。

请参阅 SQL注入攻击。

管理员编辑。

此讨论与原始主题分开，可在强制.DefaultValue为字符串。

Since we''re talking about filters, make sure you also use a filter for semicolons (at the minimum) on any input that is going directly into an SQL statement to prevent your entire database from being deleted.
See SQL Injection Attack.

Admin Edit.
This discussion was split off from the original thread, which can be found at Force .DefaultValue to be a string.

推荐答案

I现在看你正在发展思维阅读能力芯片。


我正在考虑将其带入线程。现在，您已找到我将其添加到常用列表中的链接。这肯定是值得重复的。

I see you''re developing mind-reading abilities too now Chip.

I was thinking about bringing that into the thread. Now you''ve found the link I will add it to my frequently used list. This is certainly something that bears repeating.

@ChipR


有没有人在Access中成功执行？

@ChipR
Did anybody perform it successfully in Access?

@FishVal


您是否可以入侵Access数据库，或者是否有人设法保护Access数据库使用建议的技术？


PS。我将把它移到一个新线程，以避免在这个（非常重要的）讨论中淹没原文。

@FishVal
Are you asking if it''s possible to hack into an Access database, or whether anyone has managed to protect an Access database using the techniques suggested?

PS. I will move this to a new thread to avoid swamping the original with this (quite important) discussion.

这篇关于SQL注入攻击讨论的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！