sql-injection

What is the equivalent javascript code for php's mysql_real_escape_string()?

若如初见. submitted on 2019-12-24 00:24:26
Question: What is the equivalent JavaScript code for mysql_real_escape_string()?
Answer 1: Based on the PHP documentation of the method, this would do roughly the same thing. The method mysql_real_escape_string in PHP is deprecated, however.

    function mysqlEscape(stringToEscape){
        return stringToEscape
            .replace("\\", "\\\\")
            .replace("\'", "\\\'")
            .replace("\"", "\\\"")
            .replace("\n", "\\\n")
            .replace("\r", "\\\r")
            .replace("\x00", "\\\x00")
            .replace("\x1a", "\\\x1a");
    }

Unfortunately that's not exactly what

How to sanitize input with PHP and the sqlsrv driver?

橙三吉。 submitted on 2019-12-23 21:14:08
Question: I'm working on a PHP MSSQL project that is using the sqlsrv driver. What's the best way to stop SQL injection attacks? I need something like mysql_real_escape_string(), but for the sqlsrv driver.
Answer 1: The best way is not to write your SQL so that you need to use an analogue of mysql_real_escape_string(), which you would do by using placeholders for the values and then passing the variables (that would otherwise have been handled by mysql_real_escape_string()) when you execute the statement or

Why should you not use CONCAT() for static string literals?

我们两清 submitted on 2019-12-23 21:13:22
Question: So you have

    $sql = "SELECT * FROM `table` WHERE `some_text_field` LIKE CONCAT('%', ?, '%')";
    $stmt = $dbh->prepare($sql);
    $stmt->execute(array($_POST['badies_code']));

And looking at another question I found that this causes a security concern, but why? I found this question, a downvoted answer and an upvoted comment, which is why I ask. The comment said: This is not the correct way to do this. You should not use CONCAT() for three static string literals, as it opens you up to a specific type of

Do ES6 template literals protect against SQL injection?

我的未来我决定 submitted on 2019-12-23 17:54:33
Question: Do ES6 template literals, when used to construct queries, protect against SQL injection? Can you provide some examples of common attacks and how they would be mitigated? More specifically, I plan to use the mssql module in a Node project. In their documentation, under the template literals section, it says "All values are automatically sanitized against SQL injection". Is this true purely because of how ES6 template literals work?
Answer 1: No, ES6 template literals are just another way to build

Which sql query is more secure in terms of SQL injection

拟墨画扇 submitted on 2019-12-23 17:18:45
Question: I have two SQL queries in which I'm trying to update the sup and opp values with +1 and -1 respectively each time the query is called.

First query:

    string query = "update disc set sup=@sup, opp=@opp where did=@did";
    int sup = getnoofsup(did);
    int opp = getnoofopp(did);
    com.Parameters.AddWithValue("@sup", sup + 1);
    com.Parameters.AddWithValue("@opp", opp - 1);
    com.Parameters.AddWithValue("@did", did);
    com.ExecuteNonQuery();

Second query:

    string query = "update disc set sup=sup+1, opp=opp-1 where did=@did";
    com

Confusing SQL error in SELECT NULL, *, NULL, NULL

自闭症网瘾萝莉.ら submitted on 2019-12-23 15:20:42
Question: The Background: I was trying to solve the fourth realistic mission on hackthissite.org, and couldn't figure out exactly what SQL I should inject into the URL to retrieve the list of emails. After wasting a few hours, I gave up and looked at a solution, which gave this interesting line of code, which was to be injected after a select query:

    UNION ALL SELECT NULL, *, NULL, NULL FROM email

I understand what this does and why; the hacker needs to create a query that has the same number of columns

Does using non-SQL databases obviate the need for guarding against “SQL injection”?

怎甘沉沦 submitted on 2019-12-23 14:56:51
Question: This may seem like an obvious (or not so obvious) question, but let me explain. I'm coding up a Google App Engine site using Google's database technology, BigTable. Any App Engine coders will know that Google has its own limited query language called GQL. As a result, I am tempted not to do any checking for SQL (or GQL) injection in my app, since I assume Google is not using a raw string query on its backend methods to fetch data. Furthermore, libraries for DB technologies like CouchDB,

Wordpress: wpdb->insert VERSUS wpdb->prepare(wpdb->query("INSERT

不问归期 submitted on 2019-12-23 12:27:09
Question: I am wondering if WordPress' insert function also adds slashes to data. If it doesn't, it would seem that the prepare query method would be better to prevent against SQL injection. I tried looking the issue up in their codex/API; however, it seems undocumented. Thanks!
Answer 1: WordPress uses ezSQL to query the database. Technically, it is not an abstraction layer, but it does take away some of the boilerplate code. ezSQL has a function escape, so I assume that WordPress would always call the escape

What are the best practices to prevent SQL injections?

▼魔方 西西 submitted on 2019-12-23 09:04:12
Question: I have done some research and am still confused. This is the outcome of that research. Can someone please comment and advise on how I can make these better, or whether there is a rock-solid implementation already out there that I can use?

Method 1:

    array_map('trim', $_GET);
    array_map('stripslashes', $_GET);
    array_map('mysql_real_escape_string', $_GET);

Method 2:

    function filter($data) {
        $data = trim(htmlentities(strip_tags($data)));
        if (get_magic_quotes_gpc())
            $data = stripslashes($data);
        $data = mysql_real

Preparing user-defined search term(s) for query

梦想的初衷 submitted on 2019-12-23 08:04:23
Question: For a search feature I wrote a MySQL query to be executed by a PHP script. I'm not doing a fulltext search. Instead, I'm doing a search using the following method:

    ... WHERE field LIKE '%etc%' AND field REGEXP '[[:<:]]etc[[:>:]]'

Now, my idea is to prepare these dynamic values in PHP, like:

    $word = '2*3%5_1^0'; // just an example
    $wordLike = strtr($word, array('\\'=>'\\\\', '%'=>'\\%', '_'=>'\\_'));
    // instead of my old solution:
    // $wordLike = preg_replace('~([%_])~', '\\\\$1', $word);