What is SQL injection [closed]

Submitted by 孤街浪徒 on 2019-12-05 05:47:56

Question


I want to know about SQL injection.
So, please help me.


Answer 1:


Lots of information about SQL Injection on Wikipedia, and xkcd has a very good example as well.

In general, if your application is using a SQL database, a SQL Injection attack is an attempt to use your program to pass dangerous values to the SQL database.

The best preventative measures are to never construct SQL strings without cleaning them up - the best way to do this is to use parameterized queries and widely used data access libraries.




Answer 2:


Start here: google "sql injection".

You will see that there is plenty to read about it.

If you want to protect yourself against SQL injection, you have to be a bit more specific, as the exact methods differ depending on the database and on the platform using the database.




Answer 3:


It is the technique of manipulating the input to control your SQL. Reading more here is better for you: Attacks by Example

Wiki




Answer 4:


Couple of places to get started:

  1. OWASP: Lots of principles on secure web app design. Check the first entry of the Top 10 on injection
  2. Injection for .NET developers: Details on what it is and how to protect against it if you're working with .NET.



Answer 5:


It allows an attacker to tamper with existing data, destroy the data or make it otherwise unavailable, and in short become an administrator of the database server...

This attack involves injecting SQL commands in the query input, thus effecting the execution of predefined SQL commands.



Source: https://stackoverflow.com/questions/2832938/what-is-sql-injection
