在存储过程层面,如果要解决sql注入的问题,通常有这么2个办法:
1、对入参进行检查,是否有特殊字符,如单引号、分号之类的直接返回错误;
2、所有动态语句的条件变量都以绑定变量的形式传入,这种是最好的办法;
对于办法1:
这个存在一个合理性的问题,如果以 ...
↧
Channel:
ITPUB论坛-专业的IT技术社区
X
Are you the publisher?
Claim or
contact us
about this channel.
X
0
Channel Details:
- Title: ITPUB论坛-专业的IT技术社区
- Channel Number: 60573574
- Language: Chinese
- Registered On: March 6, 2016, 12:48 pm
- Number of Articles: 18583
- Latest Snapshot: January 19, 2025, 4:17 am
- RSS URL: http://www.itpub.net/forum.php?mod=rss&auth=0
- Publisher: https://www.itpub.net/forum.php
- Description: Latest 20 threads of all forums
- Catalog: //outmalaprop66.rssing.com/catalog.php?indx=60573574
© 2025 //www.rssing.com