SQL injection

Go down

SQL injection Empty SQL injection

Post  skyboard on Mon Oct 03, 2011 5:57 pm

SQL攻擊(SQL injection,中国大陆称作SQL注入攻击,台湾称作SQL资料隐码攻击),简称隱碼攻擊,是發生於應用程式之資料庫層的安全漏洞。簡而言之,是在輸入的字串之中夾帶SQL指令,在設計不良的程式當中忽略了檢查,那麼這些夾帶進去的指令就會被資料庫伺服器誤認為是正常的SQL指令而執行,因此遭到破壞。

SQL injection or SQLi is a code injection technique that exploits a security vulnerability in some computer software. An injection occurs at the database level of an application (like queries). The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. Using well designed query language interpreters can prevent SQL injections.


Posts : 31
Join date : 2011-09-03

View user profile

Back to top Go down

Back to top

Permissions in this forum:
You cannot reply to topics in this forum