摘要
随着互联网的发展,基于Web服务器语言和后台数据库模式的网站存在安全性问题,其中SQL注入数据库是最具威胁B/S系统漏洞的攻击。该文分析了SQL注入原理及特点,研究了预防SQL注入的攻击方法,针对B/S系统的特点,提出了字段检查、注入测试、服务器加固、绑定变量和禁止字符串拼接等SQL注入的防治手段,对预防SQL注入提供了有效的方法,增加了B/S系统的安全性。
with the development of Internet,there are security problems in Web sites Based on Web server language and background da⁃tabase mode,among which SQL injection database is the most dangerous attack to B/S system vulnerability.This paper analyzes the principle and characteristics of SQL injection,studies the methods to prevent SQL injection.According to the characteristics of B/S sys⁃tem,it puts forward the prevention measures of SQL injection,such as field check,injection test,server reinforcement,binding variables and forbidding string splicing.It provides an effective method to prevent SQL injection and increases the security of B/S system.
作者
吴涛
张俊
WU Tao;ZHANG Jun(Panzhihua college,Panzhihua 617000,China)
出处
《电脑知识与技术》
2020年第2期7-8,共2页
Computer Knowledge and Technology
