ColdFusion Query - Injection Protection

前端未结

关注

 3  707

长发绾君心 2020-12-07 04:07

I ask this question with a bit of sheepishness because I should know the answer. Could someone be kind and explain if and how injection could occur in the following code?

3条回答

醉酒成梦 (楼主)

2020-12-07 04:43
To answer the first part of your question, setting your #value# variable to the following:
```
someValue'; DELETE FROM tableName WHERE '1' = '1
```
would result in this query being executed:
```
    select * from tableName
    where fieldName = 'someValue'; DELETE FROM tableName WHERE '1' = '1'
```
0 讨论(0)

查看其它3个回答
发布评论:

提交评论
- 加载中...