Abstract
When writing code, programmers fail to validate the legitimacy of user input data. A user can then submit a piece of database query code and, based on the results the program returns, obtain data he wants to know. This paper introduces the principle of SQL injection and methods for checking for the vulnerability, attempts an in-depth source-level analysis of the SQL injection principle and scanning methods, and proposes two solutions for preventing SQL injection.
Source
Journal of Shanxi Institute of Economic Management (《山西经济管理干部学院学报》)
2012, Issue 4, pp. 70-72 (3 pages)
Keywords
SQL injection
Vulnerability (Loophole)
Injection prevention