如何在$ c语言p $ pvent SQL注入？ [英] how to prevent SQL Injection in c language?

问题描述

我现在用C语言来处理HTTP事件，我需要与MySQL做SQL操作，那么如何prevent SQL注入，有没有C库对于这一点，谢谢？

I currently use c language to process the http event, and I need to do the SQL operation with mysql, then how to prevent the SQL injection, is there any c library for that,thank you?

推荐答案

在prevent SQL注入（或shell转义注射液等）未通过未加引号的文字字符串到把一些字符作为特殊的接口方式。你需要包括它作为一个更大的字符串命令这将是一个SQL数据库，外壳，外部命令PTED间$ P $，API，它需要URI字符串等部分之前的字符串数据转换到一个安全的引号形式

The way you prevent SQL injection (or shell escape injection, etc.) is not passing unquoted literal strings to an interface that treats some characters as special. You need to transform string data to a safe quoted form before including it as part of a larger "command string" that will be interpreted by an SQL database, shell, external command, API that takes URI strings, etc.

这篇关于如何在$ c语言p $ pvent SQL注入？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！