URL address parameter transfer problem (defend hacker attack)

I am a Java programmer, and I have some experience to share that I thought could help someone. In Java there is something called PreparedStatement; I don't know whether .NET has it or not.
Besides that, you could filter certain SQL keywords out of the input parameters, but this method is not very robust: it stops working as soon as normal business data contains those keywords.
SQL injection is input with ulterior motives ending up inside the SQL statement, such as:
insert into table (id,content) values ((SELECT 1 FROM USER WHERE ROWNUM <2),'xxxx')
select * from table where id=1 OR 1=1
select * from table where name='XX' OR '1'='1'

For the cases above, we have to ensure two things to defend against SQL injection:
1. For numbers, ensure the value really is a number, and not "1 or 1=1".
2. For character strings, you just need to escape the single quote (inverted comma), so the statement becomes select * from table where name='XX'' OR ''1''=''1' (I don't know whether some databases also need double quotation marks filtered).
Because checking whether a parameter contains only digits is not that efficient, where id=1 can be changed to where id='1'. Then you just need to escape single quotes for all parameters.
In other words, put single quotes around every parameter, without considering whether it is a number or a character string, and that is enough. It is also a good habit, because some database designs set the ID type as a character string. In that case, id=1 would not use the index on the field id.
The above is just my experience, the database is base
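The two rules above next to parameter binding, as an added example that is not part of the original article: it uses Python's built-in sqlite3 module with `?` placeholders as a stand-in for the Java PreparedStatement the author mentions. The table, its rows and all function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(1, "XX"), (2, "YY"), (3, "O'Brien")])
    return db

def find_concat(db, name):
    # 'Before': the input is pasted into the SQL text, so a quote in it
    # ends the string literal and the rest is parsed as SQL.
    sql = "SELECT id FROM users WHERE name='" + name + "'"
    return db.execute(sql).fetchall()

def find_escaped(db, name):
    # The article's rule 2: double every single quote before pasting.
    sql = "SELECT id FROM users WHERE name='" + name.replace("'", "''") + "'"
    return db.execute(sql).fetchall()

def find_bound(db, name):
    # Placeholder binding: the value travels separately from the SQL text
    # and is only ever compared as data.
    return db.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()

def find_by_id(db, raw_id):
    # The article's rule 1: int() raises ValueError on "1 OR 1=1".
    return db.execute("SELECT name FROM users WHERE id = ?",
                      (int(raw_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    hostile = "XX' OR '1'='1"          # the article's third sample input
    print("concat :", find_concat(db, hostile))   # every row comes back
    print("escaped:", find_escaped(db, hostile))  # no row has that name
    print("bound  :", find_bound(db, hostile))    # no row has that name
    print("bound  :", find_bound(db, "O'Brien"))  # legitimate quote works
```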
