SQL Tutorial
5. 图瓦卢
Selected Reading
- SQL - Discussion
- SQL - Useful Resources
- SQL - Useful Functions
- SQL - Quick Guide
- SQL - Questions and Answers
- SQL - Datatype Functions
- SQL - Conversion Functions
- SQL - JSON Functions
- SQL - Cursor Functions
- SQL - Logical Functions
- SQL - Statistical Functions
- SQL - Text & Image Functions
- SQL - Numeric Functions
- SQL - Aggregate Functions
- SQL - String Functions
- SQL - Date Functions
- SQL - Database Tuning
- SQL - IN vs EXISTS
- SQL - Group By vs Order By
- SQL - Common Table Expression
- SQL - Cursors
- SQL - Date & Time
- SQL - Auto Increment
- SQL - Using Sequences
- SQL - Handling Duplicates
- SQL - Sub Queries
- SQL - Transactions
- SQL - NULL Values
- SQL - Stored Procedures
- SQL - Default Constraint
- SQL - Check Constraint
- SQL - Null Functions
- SQL - Min & Max
- SQL - Hosting
- SQL - Injection
- SQL - Comments
- SQL - Wildcards
- SQL - Non-Clustered Index
- SQL - Clustered Index
- SQL - Unique Index
- SQL - Primary Key
- - 工会诉Join
- SQL - Inner Join
- SQL - Using Joins
- SQL - Aliases
- SQL - EXCEPT Operator
- SQL - INTERSECT Operator
- SQL - UNION vs UNION ALL
- SQL - UNION Operator
- SQL - BETWEEN Operator
- SQL - NOT NULL
- SQL - IS NOT NULL
- SQL - IS NULL
- SQL - NOT EQUAL
- SQL - NOT Operator
- SQL - CASE
- SQL - EXISTS Operator
- SQL - ANY, ALL Operators
- SQL - IN Operator
- SQL - LIKE Operator
- SQL - BOOLEAN (BIT) Operator
- SQL - AND & OR
- SQL - Having Clause
- SQL - Group By Clause
- SQL - Order By Clause
- SQL - Distinct Clause
- SQL - Top Clause
- SQL - Where Clause
- SQL - Rename Views
- SQL - Drop Views
- SQL - Update Views
- SQL - Create Views
- SQL - Sorting Results
- SQL - Delete Query
- SQL - Update Query
- SQL - Insert Into Select
- SQL - Select Into
- SQL - Select Query
- SQL - Insert Query
- SQL - Constraints
- SQL - Delete Table
- SQL - Drop Table
- SQL - Alter Tables
- SQL - Temporary Tables
- SQL - Clone Tables
- SQL - Truncate Table
- SQL - Rename Table
- SQL - Show Tables
- SQL - Create Table
- SQL - Backup Database
- SQL - Show Database
- SQL - Rename Database
- SQL - Select Database
- SQL - Drop Database
- SQL - Create Database
- SQL - Expressions
- SQL - Operators
- SQL - Data Types
- SQL - Syntax
- SQL - Databases
- SQL - RDBMS Concepts
- SQL - Overview
- SQL - Home
5. 图瓦卢
- 页: 1
- 页: 1
- 结构-创建指数
- 页: 1
- 页: 1
- 页: 1
- SQL - Foreign Key
- 文 件
- ∗ E/CN.6/2009/1。
- 页: 1
- 页: 1
- 文 件
- 页: 1
- 页: 1
- 文 件
- 页: 1
Selected Reading
- Who is Who
- Computer Glossary
- HR Interview Questions
- Effective Resume Writing
- Questions and Answers
- UPSC IAS Exams Notes
SQL - Injection
SQL - Injection
If you take a user input through a webpage and insert it into a SQL database, there is a chance that you have left yourself wide open for a security issue known as the SQL Injection. This chapter will teach you how to help prevent this from happening and help you secure your scripts and SQL statements in your server side scripts such as a PERL Script.
Injection usually occurs when you ask a user for input, pke their name and instead of a name they give you a SQL statement that you will unknowingly run on your database. Never trust user provided data, process this data only after vapdation; as a rule, this is done by Pattern Matching.
In the example below, the name is restricted to the alphanumerical characters plus underscore and to a length between 8 and 20 characters (modify these rules as needed).
if (preg_match("/^w{8,20}$/", $_GET[ username ], $matches)) {
$result = mysql_query("SELECT * FROM CUSTOMERS
WHERE name = $matches[0]");
} else {
echo "user name not accepted";
}
To demonstrate the problem, consider this excerpt −
// supposed input
$name = "Qadir ; DELETE FROM CUSTOMERS;";
mysql_query("SELECT * FROM CUSTOMSRS WHERE name= {$name} ");
The function call is supposed to retrieve a record from the CUSTOMERS table where the name column matches the name specified by the user. Under normal circumstances, $name would only contain alphanumeric characters and perhaps spaces, such as the string ipa. But here, by appending an entirely new query to $name, the call to the database turns into disaster; the injected DELETE query removes all records from the CUSTOMERS table.
Fortunately, if you use MySQL, the mysql_query() function does not permit query stacking or executing multiple SQL queries in a single function call. If you try to stack queries, the call fails.
However, other PHP database extensions, such as SQLite and PostgreSQL happily perform stacked queries, executing all the queries provided in one string and creating a serious security problem.
Preventing SQL Injection
You can handle all escape characters smartly in scripting languages pke PERL and PHP. The MySQL extension for PHP provides the function mysql_real_escape_string() to escape input characters that are special to MySQL.
if (get_magic_quotes_gpc()) {
$name = stripslashes($name);
}
$name = mysql_real_escape_string($name);
mysql_query("SELECT * FROM CUSTOMERS WHERE name= {$name} ");
The LIKE Quandary
To address the LIKE quandary, a custom escaping mechanism must convert user-suppped % and _ characters to pterals. Use addcslashes(), a function that lets you specify a character range to escape.
$sub = addcslashes(mysql_real_escape_string("%str"), "%_");
// $sub == \%str\_
mysql_query("SELECT * FROM messages
WHERE subject LIKE {$sub}% ");
Advertisements