Detect SQL Injection

Front-end | Unresolved | 5 answers | 1442 views

I came to a company that already has a fully grown project... but coders that worked here before me didn't follow conventions and didn't use parametrized SQL queries... as

5 answers
  •  说谎
    说谎 (original poster)
    2021-01-05 17:04

    I applaud your willingness to dive in and fix things, and not just shrug and say, "ehh.. no one will attack our site anyway".

    I think that perhaps the best approach would be to sanitize the inputs, assuming they are innocent, across the board. The problem is, there could be legitimate reasons for someone to enter any of the characters that could trigger SQL Injection.

    Just trying to detect such patterns would be subject to false positive 'attack' results; maybe someone tries to search for john's car, not knowing at all that the single-quote could be 'bad'. And maybe they really do need to search for that. Or, what have you...
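The following is an added example, not code from the poster or the thread's project. It shows the false-positive problem the answer describes with a concrete input: a naive character-based detector flags the legitimate search term "john's car", and the legacy string-built query the question mentions cannot even execute that term, while a parameterized query handles the single quote as plain data. The table, rows and search terms are constructed for the demo (SQLite in memory), and the function names are this example's own.

```python
import re
import sqlite3

# Naive "detect the attack" approach: flag any input containing characters
# that commonly appear in SQL injection payloads. Quick, but it cannot tell
# an apostrophe in a name from an attempt to break out of a string literal.
SUSPICIOUS = re.compile(r"['\";]|--|/\*")


def looks_like_injection(value: str) -> bool:
    """Pattern-based detector; returns True for innocent input like "john's car" too."""
    return bool(SUSPICIOUS.search(value))


def build_demo_db() -> sqlite3.Connection:
    """In-memory table with constructed sample rows (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE listings (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany(
        "INSERT INTO listings (title) VALUES (?)",
        [("john's car",), ("mary's bike",), ("old boat",)],
    )
    return conn


def search_unsafe(conn: sqlite3.Connection, term: str) -> list:
    """Legacy style from the question: the search term is pasted into the SQL text."""
    sql = f"SELECT title FROM listings WHERE title LIKE '%{term}%' ORDER BY title"
    return [row[0] for row in conn.execute(sql)]


def search_parameterized(conn: sqlite3.Connection, term: str) -> list:
    """Parameterized query: the driver passes `term` as data, never as SQL syntax."""
    sql = "SELECT title FROM listings WHERE title LIKE ? ORDER BY title"
    return [row[0] for row in conn.execute(sql, (f"%{term}%",))]


def unsafe_query_breaks(conn: sqlite3.Connection, term: str) -> bool:
    """True if the string-built query fails on this term (a quote unbalances the SQL)."""
    try:
        search_unsafe(conn, term)
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    db = build_demo_db()
    term = "john's"
    print("detector flags legitimate term:", looks_like_injection(term))
    print("string-built query breaks on it:", unsafe_query_breaks(db, term))
    print("parameterized query result:", search_parameterized(db, term))
```

Running the script shows the three outcomes side by side: the detector reports the harmless term as suspicious, the string-built query raises a syntax error because the apostrophe closes the literal early, and the parameterized query returns the matching row. That is the practical case for fixing the queries rather than filtering the input.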
