How to avoid script database hacking?


Problem description

If I get the user info from an asp.net page, and based on that execute some query
against the database, how can I avoid issues like this one:

Client entered in user name text box the following: "new;delete from users"

On server side I have:

sql = "select * from users where username = " + txtUser.Text;

Thanks,
Ronen

Recommended answer

You should always check for dodgy characters in the string and use stored
procedures with parameters.

"RA" <ro****@hotmail.com> wrote in message
news:%2****************@TK2MSFTNGP09.phx.gbl...



How would a stored procedure help if the parameter passed to it is the input
from the text box?

"Wes Jackson" <we********@hotmail.com> wrote in message
news:eD**************@tk2msftngp13.phx.gbl...
> You should always check for dodgy characters in the string and use stored
> procedures with parameters.




You can also use stored procs.

"Wes Jackson" <we********@hotmail.com> wrote in message
news:eD**************@tk2msftngp13.phx.gbl...
> You should always check for dodgy characters in the string and use stored
> procedures with parameters.
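The lookup from the question beside the parameterized and stored-procedure forms the replies recommend, as an added C# example that is not code from the original thread. It also addresses the follow-up about how a stored procedure helps when its argument comes straight from the text box: with ADO.NET parameters the server receives fixed SQL text plus a separately typed value, so "new;delete from users" is compared as a literal username rather than parsed as a second statement. The connection string, the GetUserByName procedure and the 50-character column width are assumptions for illustration. Filtering "dodgy characters" is at best a secondary measure; binding the value as a parameter is what removes the injection, and a procedure that rebuilds dynamic SQL from its argument with EXEC would bring it back.

```csharp
// Added example (not from the original thread). Assumes System.Data.SqlClient,
// a SQL Server connection string passed in as connStr, a table named users with
// an nvarchar(50) username column, and a stored procedure GetUserByName that
// takes one @username parameter. All of these are assumptions for illustration.
using System;
using System.Data;
using System.Data.SqlClient;

public static class UserLookup
{
    // Vulnerable form, as in the question: the text box content is appended
    // to the SQL text, so everything after "username = " is whatever the
    // client typed and SQL Server parses it as SQL. A semicolon in the input
    // lets the client append a second statement to the batch.
    public static DataTable FindUserUnsafe(string connStr, string userInput)
    {
        string sql = "select * from users where username = " + userInput;
        using (var conn = new SqlConnection(connStr))
        using (var cmd = new SqlCommand(sql, conn))
        using (var adapter = new SqlDataAdapter(cmd))
        {
            var table = new DataTable();
            adapter.Fill(table); // opens and closes the connection for us
            return table;
        }
    }

    // Parameterized form: the SQL text never changes. The value is sent to
    // the server as a typed parameter, not spliced into the statement, so it
    // can only ever be compared against the username column. Input such as
    // "new;delete from users" simply matches no row.
    public static DataTable FindUserSafe(string connStr, string userInput)
    {
        const string sql = "select * from users where username = @username";
        using (var conn = new SqlConnection(connStr))
        using (var cmd = new SqlCommand(sql, conn))
        using (var adapter = new SqlDataAdapter(cmd))
        {
            // Declare the type and length explicitly so the parameter matches
            // the column and over-long input is rejected rather than guessed at.
            cmd.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value = userInput;
            var table = new DataTable();
            adapter.Fill(table);
            return table;
        }
    }

    // Stored procedure form: same guarantee for the same reason. The procedure
    // name is the command text and @username is bound as data, so the text box
    // content is still never parsed as SQL. This only holds while the procedure
    // itself uses @username in a normal WHERE clause; if it built a string and
    // ran it with EXEC, the injection would return inside the procedure.
    public static DataTable FindUserViaProc(string connStr, string userInput)
    {
        using (var conn = new SqlConnection(connStr))
        using (var cmd = new SqlCommand("GetUserByName", conn))
        using (var adapter = new SqlDataAdapter(cmd))
        {
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value = userInput;
            var table = new DataTable();
            adapter.Fill(table);
            return table;
        }
    }
}
```

In the page's code-behind the call would be FindUserSafe(connStr, txtUser.Text) or FindUserViaProc(connStr, txtUser.Text); the point is that txtUser.Text only ever reaches the database as a parameter value, never as part of the command text.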



