1. What is SQL injection?
SQL injection works by constructing special input parameters and passing them to a web application so that the back end executes malicious SQL. It usually arises because the programmer does not filter the input and builds SQL by directly splicing strings together dynamically. The open source tools sqlmap and SQLninja can be used to detect it. SQL injection is a technique that manipulates input to modify the back-end SQL statement in order to execute code and carry out an attack.
Constructing dynamic strings is a programming technique that allows developers to build SQL statements dynamically at run time. Developers can use dynamic SQL to create versatile and flexible applications. Dynamic SQL statements are constructed during execution, and different SQL statements are generated according to different conditions. Building SQL dynamically is very useful when developers need to decide at run time which fields to extract according to different query criteria (as in SELECT statements), or which tables to query according to different conditions.
2. Principle of SQL injection
SQL injection is a relatively common kind of network attack. Let's first take a look at web site architecture. The overall structure of the web site architecture is composed of three parts: the web server, the client terminal and the communication protocol.
The presentation layer is the interface the user interacts with. The user enters a request in the presentation layer; this information is transmitted to the server and then to the database, and the server returns the back-end result to the user. The logic layer provides responses to the presentation layer's requests and provides parameter requirements for the data layer. The data layer mainly responds to data queries submitted by users.
(The above figure and text analysis are derived from blogs.)
3. Real-world cases of SQL injection
Since SQL injection is so "famous", there must be cases related to it in real life. I believe I have heard that students from a certain university modified their test scores through SQL injection after an exam. This is a relatively small case.
This is a relatively large case. Write SQL injection clearly.
4. SQL injection example
Because SQL injection is so dangerous, many browsers put defenses in place early on. Now it can only be demonstrated in the database.
In the above figure: username: ljh password: 123
If this is a user of the project, then you can get in when you log in with the account and password. With SQL injection, you can get in once you know the password.
For example: SELECT * FROM
where username ='ljh' and password = '123';
The above SQL statement queries the whole matching record. However, through SQL injection the record can be found without knowing the password. All that is needed is password = '2'or'1';
Those who are interested can try it directly in the database, but it does not work through the browser, because the browser intercepts it.
5. An example of SQL injection
A major principle of web security: never trust any user input. Check the input parameters (type and range), filter and escape special characters, and do not splice SQL directly. Using an ORM can greatly reduce the risk of SQL injection. At the database layer, configure permissions properly and do not store sensitive information in plain text. An ORM is designed with security in mind: because values are passed as parameters, there will be no SQL injection problems, so it is recommended to use one instead of splicing SQL yourself.
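The login query from section 4 and the "pass parameters, do not splice SQL" advice above, side by side, as an added example that is not code from the original page. It assumes an in-memory SQLite database and a hypothetical table name `users` (the page does not give the table name); the account ljh / 123 and the input `2'or'1` are the ones shown on the page.

```python
import sqlite3


def make_db():
    """Constructed sample data: the single account shown on the page."""
    conn = sqlite3.connect(":memory:")
    # 'users' is a hypothetical table name; the password is kept in plain
    # text only to mirror the page's query (the page advises against this).
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('ljh', '123')")
    return conn


def login_spliced(conn, username, password):
    """Vulnerable form: user input is spliced into the SQL text itself."""
    sql = ("SELECT * FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return conn.execute(sql).fetchall()


def login_parameterized(conn, username, password):
    """Hardened form: input is bound as data and never parsed as SQL."""
    sql = "SELECT * FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    attempts = [("ljh", "123"), ("ljh", "wrong"), ("ljh", "2'or'1")]
    for user, pw in attempts:
        spliced = bool(login_spliced(conn, user, pw))
        bound = bool(login_parameterized(conn, user, pw))
        # With spliced SQL the third input turns the WHERE clause into
        # "(username = 'ljh' AND password = '2') OR '1'", which is always
        # true; with bound parameters it is just a wrong password.
        print(f"password={pw!r:10} spliced_login={spliced} bound_login={bound}")
```

Only the spliced version accepts the third input; the parameterized version compares the whole string against the stored password and returns no row.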