sql注入的问题 [英] problem with sql injection

问题描述

我的文本框有问题。



当用户在文本框中写东西时，它会保存它但sql查询或坏文本或某些东西自动注入在数据库中，我知道它发生了什么......它在数据库中保存了错误数据。



2.我在想sql是自动注入的按文字格式。



任何1可以为我提供解决方案..



i cant restrict我的特殊字符文本框。



这就是为什么我面临这么多问题。

i have a problem with text box.

when user write something in text boxes, it will save it but sql query or bad text or some thing automatically injected in database , i dint know what is happening to it...... it saves false data in database.

2.i am thinking that sql was automatically injected by the format of text.

can any 1 provide me solution for it..

i cant restrict my text box for special characters .

this is why i am facing so many problems.

推荐答案

只需在插入，更新，选择数据库中使用存储过程。

Just Use Stored Procedure In Insert,Update,Select On Database .

您好，



这些文章可能会帮助您识别漏洞。确保您还清理服务器端的用户输入，不仅仅取决于客户端验证（JavaScript）。使用存储过程不会100％保护您的应用程序免受漏洞攻击。这取决于你如何使用它。如果您有一个带有动态查询的存储过程，也可能会打开SQL注入。



http://msdn.microsoft。 com / en-us / library / ff648339.aspx [ ^ ]



SQL注入和跨站点脚本 [ ^ ]



http://www.mikesdotnetting.com/Article/113/Preventing-SQL-Injection-in-ASP.NET [ ^ ]



http://weblogs.asp.net/scottgu/archive/2006/09/30/Tip_2F00_Trick_3A00_-Guard-Against-SQL-Injection-Attacks.aspx [ ^ ]

Hello,

These articles might able to help you identify the vulnerabilities. Make sure you sanitize the user input on the server side also ,don''t depends only on client side validation (JavaScript). Using Stored Procedure will not 100% shield your application from the vulnerability. It depends on how you use it. if you have a Stored Procedure with dynamic query that might open to SQL injection as well.

http://msdn.microsoft.com/en-us/library/ff648339.aspx[^]

SQL Injection and Cross-Site Scripting[^]

http://www.mikesdotnetting.com/Article/113/Preventing-SQL-Injection-in-ASP.NET[^]

http://weblogs.asp.net/scottgu/archive/2006/09/30/Tip_2F00_Trick_3A00_-Guard-Against-SQL-Injection-Attacks.aspx[^]

限制所有特殊字符（无论您遇到什么困难）进入文本框。您可以找到许多JavaScript函数，它们可以帮助您限制特殊字符。

Restrict all the special characters (whichever are troubling you) from entering in to the text box. You can find many JavaScript functions which can help you in restricting the special characters.

这篇关于sql注入的问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！