
Most frequently used SQL Injection attacks [closed]

Developer https://www.devze.com 2023-03-31 20:56 Source: web
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance. Closed 11 years ago.

I'm developing a new application and I want to test if it's vulnerable. I know some common attacks, but maybe you can provide some more to make my app safer.

Thanks!


Check out this post: http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/ Also, there's a Firefox add-on named SQL Inject Me, but right now it doesn't work with Firefox 6.


There's no reason to test for multiple attack vectors. Simply passing the character used to quote strings (usually ') should cause a syntax error if it's open to SQL injection -- unless you have an IDS or some signature-based detection standing in your way.


  • Always escape your variables with the proper function (for example, $pdo->quote() or mysql_real_escape_string(), depending on which extension you are using)
  • Use prepared statements as much as possible
  • Never escape your variables too early, or you will never know whether they are escaped or not. Just escape them as late as possible, and always consider that they are not escaped.
  • Properly set the connection encoding

If you follow this you are not vulnerable to SQL injection (provided that you don't forget to escape something).

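The single-quote probe from the previous answer and the escape-late / prepared-statement advice from this answer, as an added Python example that is not part of the original page. It uses the standard sqlite3 module rather than PHP's PDO or mysql_* functions; the users table and its rows are constructed for illustration, and sql_quote is an illustrative stand-in for a driver's own quote function (such as $pdo->quote()), not a real library API.

```python
import sqlite3

# Constructed sample data (not from the original page).
USERS = [
    (1, "alice", "s3cret"),
    (2, "bob", "hunter2"),
    (3, "carol", "pa55word"),
]


def make_db():
    """In-memory SQLite database seeded with the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    return conn


def login_vulnerable(conn, name, password):
    """Builds the query by string concatenation: the injectable pattern the question is about."""
    sql = ("SELECT id FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(sql)]


def login_prepared(conn, name, password):
    """Same query with bound parameters: the input is a value, never SQL text."""
    sql = "SELECT id FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (name, password))]


def sql_quote(value):
    """Illustrative stand-in for a driver quote function (assumption, not a real API):
    doubles embedded single quotes and wraps the result in quotes. This is the
    correct literal syntax for SQLite; other servers have their own rules."""
    return "'" + value.replace("'", "''") + "'"


def login_escaped(conn, name, password):
    """Escapes as late as possible, at the exact point the literal is assembled,
    so the raw (unescaped) value is what every other part of the code sees."""
    sql = ("SELECT id FROM users WHERE name = " + sql_quote(name) +
           " AND password = " + sql_quote(password))
    return [row[0] for row in conn.execute(sql)]


def attempt(login, conn, name_input):
    """Runs one login with attacker-controlled name and a fixed wrong password.
    Returns 'syntax_error' when the input broke the SQL parser (the signal the
    single-quote probe looks for), otherwise the list of matched ids."""
    try:
        return login(conn, name_input, "x")
    except sqlite3.OperationalError:
        return "syntax_error"


def run_demo():
    """Exercises all three implementations with the probe and two classic payloads."""
    conn = make_db()
    results = {}
    for label, fn in (("vulnerable", login_vulnerable),
                      ("prepared", login_prepared),
                      ("escaped", login_escaped)):
        results[label] = {
            "quote_probe": attempt(fn, conn, "'"),           # the bare quote test
            "tautology": attempt(fn, conn, "' OR 1=1 --"),   # dump every row
            "comment": attempt(fn, conn, "alice' --"),       # log in as alice, no password
            "legit": fn(conn, "alice", "s3cret"),            # normal use still works
        }
    return results


if __name__ == "__main__":
    for label, outcome in run_demo().items():
        print(label, outcome)
```

In the vulnerable version the bare quote yields a syntax error (SQLite reports an unrecognized token), the tautology returns every id, and the comment payload logs in as alice with no password; the prepared and escaped versions return no rows for all three payloads and still match the legitimate login. Note the payload uses `--` to comment out the password clause rather than the textbook `' OR '1'='1`, because AND binds tighter than OR and `name = '' OR '1'='1' AND password = 'x'` still requires a correct password. sql_quote is only correct for SQLite; MySQL's escaping rules depend on the connection character set, which is why the answer's last point about connection encoding matters. Bound parameters avoid the problem entirely because the value never enters the SQL text.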
