Can parameterized statements stop all SQL injection?

Backend · unresolved · 12 replies · 1901 views
轻奢々 2020-11-30 20:31

If yes, why are there still so many successful SQL injections? Just because some developers are too dumb to use parameterized statements?

12 replies
  •  时光说笑
    2020-11-30 21:10

    To protect your application from SQL injection, perform the following steps:

    Step 1. Constrain input.
    Step 2. Use parameters with stored procedures.
    Step 3. Use parameters with dynamic SQL.

    Refer to http://msdn.microsoft.com/en-us/library/ff648339.aspx
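The following is an added example, not code from the thread or from the MSDN page linked above, written to show the question's "all" caveat alongside Step 1 and Step 3 of the answer. It uses Python's standard `sqlite3` module with a small constructed `users` table (names, columns and data are assumptions). SQLite has no stored procedures, so Step 2 is not shown. The example contrasts a concatenated query with its bound-parameter form, and then shows two places where a bound parameter alone does not help: an `ORDER BY` column name (an identifier, which cannot be bound and must be constrained to an allowlist) and a `LIKE` pattern (where `%` and `_` remain wildcards even when passed as a parameter and must be escaped).

```python
import sqlite3

# Constructed sample data for the example; not taken from the original thread.
SAMPLE_USERS = [
    ("alice", "alice@example.com", 1),
    ("bob", "bob@example.com", 0),
    ("carol", "carol@example.com", 1),
]


def setup_db() -> sqlite3.Connection:
    """Create an in-memory database holding the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (name TEXT PRIMARY KEY, email TEXT, is_admin INTEGER)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def vulnerable_lookup(conn: sqlite3.Connection, name: str) -> list:
    """Dynamic SQL built by concatenation: the input becomes part of the SQL syntax.

    A name such as "' OR '1'='1" turns the WHERE clause into a tautology.
    """
    query = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(query)]


def safe_lookup(conn: sqlite3.Connection, name: str) -> list:
    """Step 3: the same query with a bound parameter; the input stays a value."""
    query = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(query, (name,))]


# Identifiers (table and column names, sort direction) cannot be bound as
# parameters, so the only defence for them is Step 1: constrain the input.
ALLOWED_SORT_COLUMNS = {"name", "email"}


def safe_sorted_names(conn: sqlite3.Connection, sort_column: str) -> list:
    """Allowlist the column before interpolating it into ORDER BY."""
    if sort_column not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {sort_column!r}")
    query = f"SELECT name FROM users ORDER BY {sort_column}"
    return [row[0] for row in conn.execute(query)]


def naive_prefix_search(conn: sqlite3.Connection, prefix: str) -> list:
    """Parameterised, yet a prefix of "%" still matches every row:
    the parameter is a value, but LIKE interprets wildcards inside that value."""
    query = "SELECT name FROM users WHERE name LIKE ?"
    return [row[0] for row in conn.execute(query, (prefix + "%",))]


def safe_prefix_search(conn: sqlite3.Connection, prefix: str) -> list:
    """Escape LIKE metacharacters in the value and declare the escape character."""
    escaped = (
        prefix.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    )
    query = "SELECT name FROM users WHERE name LIKE ? ESCAPE '\\'"
    return [row[0] for row in conn.execute(query, (escaped + "%",))]


if __name__ == "__main__":
    db = setup_db()
    payload = "' OR '1'='1"
    print("concatenated:", vulnerable_lookup(db, payload))   # every user
    print("parameterised:", safe_lookup(db, payload))        # no match
    print("sorted by email:", safe_sorted_names(db, "email"))
    print("naive LIKE with '%':", naive_prefix_search(db, "%"))
    print("escaped LIKE with '%':", safe_prefix_search(db, "%"))
```

The `safe_lookup` and `safe_sorted_names` pair is the practical answer to the question: binding parameters removes the whole class of value-position injection, but a query still has positions (identifiers, `LIKE` patterns, anything a stored procedure concatenates internally) where the developer has to constrain or escape the input themselves.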
