How to prevent SQL Injection on User-Generated SQL Queries

伪装坚强ぢ 2021-02-10 11:55

I have a project (private, ASP.NET website, password protected with https) where one of the requirements is that the user be able to enter SQL queries that will directly query t

15 answers
  •  一向 (original poster)
    2021-02-10 12:46

    One (maybe overkill) option could be to use a compiler for a reduced SQL language. Something like using JavaCC with a modified SQL grammar that only allows SELECT statements; then you might receive the query, compile it, and if it compiles you can run it.

    For C# I know Irony but never used it.
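
The reduced-grammar idea from the answer above, as an added example that is not part of the original thread and is not Irony or JavaCC code: a hand-written C# recognizer that accepts a single SELECT from a deliberately tiny grammar and rejects everything else. The grammar itself, the class name `SelectOnlyGrammar` and the sample queries are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

// Reduced grammar, constructed for this example: SELECT ('*' | ident {',' ident}) FROM ident
//   [WHERE cond {(AND|OR) cond}], with cond := ident (= <> < > <= >=) (number | 'string')
public static class SelectOnlyGrammar
{
    static readonly Regex Token = new Regex(@"\G\s*(?:(?<id>[A-Za-z_][A-Za-z0-9_]*)|(?<num>[0-9]+(?:\.[0-9]+)?)" +
        @"|(?<str>'(?:[^']|'')*')|(?<op><=|>=|<>|[=<>])|(?<sym>[*,]))");
    static readonly HashSet<string> Keywords = new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        { "SELECT", "FROM", "WHERE", "AND", "OR" };
    public static bool IsAllowed(string sql)
    {
        // Lexing: any character outside the token set (';', '-', '/', parentheses) rejects the input.
        var toks = new List<(string Kind, string Text)>();
        sql = (sql ?? "").TrimEnd();
        for (int pos = 0; pos < sql.Length; )
        {
            Match m = Token.Match(sql, pos);
            if (!m.Success) return false;
            foreach (string k in new[] { "id", "num", "str", "op", "sym" })
                if (m.Groups[k].Success) toks.Add((k, m.Groups[k].Value));
            pos = m.Index + m.Length;
        }
        int i = 0;
        // Consume one token of `kind`. With `text` set it must be that keyword or symbol;
        // without it, an identifier must not be a reserved keyword.
        bool Eat(string kind, string text = "")
        {
            if (i >= toks.Count || toks[i].Kind != kind) return false;
            bool ok = text.Length > 0 ? toks[i].Text.Equals(text, StringComparison.OrdinalIgnoreCase)
                                      : !(kind == "id" && Keywords.Contains(toks[i].Text));
            if (ok) i++;
            return ok;
        }
        bool Cond() => Eat("id") && Eat("op") && (Eat("num") || Eat("str"));

        if (!Eat("id", "SELECT")) return false;
        if (!Eat("sym", "*")) { do { if (!Eat("id")) return false; } while (Eat("sym", ",")); }
        if (!Eat("id", "FROM") || !Eat("id")) return false;
        if (Eat("id", "WHERE")) { do { if (!Cond()) return false; } while (Eat("id", "AND") || Eat("id", "OR")); }
        return i == toks.Count; // leftover tokens (UNION, a second statement) are rejected
    }
    public static void Main() // constructed inputs: the first is accepted, the second rejected
    {
        Console.WriteLine(IsAllowed("SELECT id, name FROM users WHERE age >= 18 AND name <> 'x'"));
        Console.WriteLine(IsAllowed("SELECT * FROM users; DROP TABLE users"));
    }
}
```

Input is accepted or rejected as a whole and never rewritten, so anything the grammar does not name (subqueries, functions, comments, a second statement) fails closed.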
