SQL injection is a technique for exploiting web applications that use client-supplied data in SQL queries without stripping potentially harmful characters first. Despite being remarkably simple to protect against, SQL injection is still present in an astonishing number of production systems connected to the Internet. The objective of this paper is to educate the professional security community on the techniques that can be used to take advantage of a web application that is vulnerable to SQL injection, and to make clear the correct mechanisms that should be put in place to protect against SQL injection and input validation problems in general.</div> <div class="show-more-end">
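To make the abstract's two claims concrete, the following added example (not code from the paper or its author) places the vulnerable pattern, client data concatenated into the SQL text, next to the correct mechanism, a bound parameter. It also shows why "stripping potentially harmful characters" is not by itself a defence: quote stripping does nothing in a numeric comparison where no quotes are needed. The table, rows and function names are constructed for the demonstration and use Python's standard `sqlite3` module.

```python
import sqlite3


def make_db():
    """Constructed in-memory sample data for the demonstration (not from the paper)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (id, username, password) VALUES (?, ?, ?)",
        [(1, "alice", "s3cret"), (2, "bob", "hunter2")],
    )
    return conn


def strip_quotes(value):
    """The 'strip harmful characters' approach: remove single quotes only."""
    return value.replace("'", "")


def login_concat(conn, username, password):
    """Vulnerable: client data is pasted into the SQL text, so the database
    parses it as part of the statement rather than as a value."""
    sql = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return sorted(r[0] for r in conn.execute(sql))


def login_param(conn, username, password):
    """Correct: the statement is fixed and the values are bound separately,
    so whatever the client sends is compared as a literal string."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return sorted(r[0] for r in conn.execute(sql, (username, password)))


def find_user_concat(conn, user_id):
    """Numeric context with quote stripping applied: no quote is needed to
    alter the statement, so stripping quotes leaves the query structure
    fully under the client's control."""
    sql = "SELECT username FROM users WHERE id = " + strip_quotes(user_id)
    return sorted(r[0] for r in conn.execute(sql))


def find_user_param(conn, user_id):
    """Correct: validate the type the application expects, then bind it."""
    try:
        uid = int(user_id)
    except ValueError:
        return []  # anything that is not an integer id is rejected outright
    sql = "SELECT username FROM users WHERE id = ?"
    return sorted(r[0] for r in conn.execute(sql, (uid,)))


if __name__ == "__main__":
    db = make_db()
    # Legitimate use behaves identically in both versions.
    print(login_concat(db, "alice", "s3cret"), login_param(db, "alice", "s3cret"))
    # A password value that closes the string literal changes the statement's
    # logic in the concatenated form; the bound form compares it as text.
    tautology = "' OR '1'='1"
    print(login_concat(db, "nobody", tautology), login_param(db, "nobody", tautology))
    # In the numeric context, quote stripping offers no protection at all.
    print(find_user_concat(db, "1 OR 1=1"), find_user_param(db, "1 OR 1=1"))
```

Run it and compare the pairs: the concatenated versions return every user for the crafted inputs, the parameterised versions return nothing, because the bound value is never parsed as SQL. The lesson the abstract points at is that the fix is structural (keep data out of the statement text) rather than lexical (delete characters you think are dangerous).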