CRLF is actually two characters: CR, carriage return (ASCII 13, \r), and LF, line feed (ASCII 10, \n). Together, \r\n represents a newline; its hexadecimal a...
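How an injected CR/LF pair splits one HTTP header into two, and the check a header builder should make, as an added example (not code from the original page). The status line, the header names and the attacker input are constructed for this demonstration.

```python
# Added example (not from the original page): a CR/LF pair in user input splits
# an HTTP response header into two, and a header builder should reject it.
# The header names and the sample input are constructed for this demonstration.

CRLF = "\r\n"  # 0x0D 0x0A


def build_redirect_unsafe(location: str) -> str:
    """Vulnerable: concatenates user input straight into the header block."""
    return "HTTP/1.1 302 Found" + CRLF + "Location: " + location + CRLF + CRLF


def build_redirect_safe(location: str) -> str:
    """Hardened: refuses any value that contains a CR or LF character."""
    if "\r" in location or "\n" in location:
        raise ValueError("CR/LF not allowed in header value")
    return "HTTP/1.1 302 Found" + CRLF + "Location: " + location + CRLF + CRLF


def header_names(raw: str) -> list:
    """Parse the header block and return the header names a client would see."""
    head = raw.split(CRLF + CRLF, 1)[0]
    lines = head.split(CRLF)[1:]  # drop the status line
    return [line.split(":", 1)[0] for line in lines if line]


def rejects(location: str) -> bool:
    """True if the hardened builder refuses the value."""
    try:
        build_redirect_safe(location)
    except ValueError:
        return True
    return False


# Constructed attacker input: a normal-looking URL followed by %0d%0a (already
# URL-decoded by the framework) that smuggles in a Set-Cookie header.
PAYLOAD = "http://example.com/" + CRLF + "Set-Cookie: session=attacker"

if __name__ == "__main__":
    print(header_names(build_redirect_unsafe(PAYLOAD)))  # ['Location', 'Set-Cookie']
    print(rejects(PAYLOAD))                               # True
```

The check is deliberately a rejection rather than a strip: silently removing the bytes hides the attack attempt from logs and can leave the remaining value meaningless.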
Code injection and command injection are usually caused by an unsafe function or method; the typical example is eval(). Consider the following PHP example: $myvar = "varname"; $x =...
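The same eval()-style code injection, shown in Python next to a restricted evaluator that only accepts arithmetic. This is an added example, not code from the original page; the function names and the attacker input are constructed.

```python
# Added example (not from the original page): eval() code injection in Python,
# beside a whitelisting evaluator that only accepts numbers and + - * /.
# Function names and the sample inputs are constructed for this demonstration.
import ast
import operator


def calc_unsafe(expr: str):
    """Vulnerable: eval() runs whatever the caller supplies, not just arithmetic."""
    return eval(expr)


# Operators the safe evaluator accepts; anything else is refused.
_OPS = {
    ast.Add: operator.add, ast.Sub: operator.sub,
    ast.Mult: operator.mul, ast.Div: operator.truediv,
    ast.USub: operator.neg,
}


def calc_safe(expr: str):
    """Hardened: parse, then walk the tree and refuse any node outside the whitelist."""
    tree = ast.parse(expr, mode="eval")

    def walk(node):
        if isinstance(node, ast.Expression):
            return walk(node.body)
        if isinstance(node, ast.Constant) and isinstance(node.value, (int, float)):
            return node.value
        if isinstance(node, ast.BinOp) and type(node.op) in _OPS:
            return _OPS[type(node.op)](walk(node.left), walk(node.right))
        if isinstance(node, ast.UnaryOp) and type(node.op) in _OPS:
            return _OPS[type(node.op)](walk(node.operand))
        raise ValueError("disallowed syntax: " + type(node).__name__)

    return walk(tree)


def is_rejected(expr: str) -> bool:
    """True if the safe evaluator refuses the expression."""
    try:
        calc_safe(expr)
    except (ValueError, SyntaxError):
        return True
    return False


# Constructed attacker input: valid Python that reaches into the interpreter
# instead of doing arithmetic (harmless here; it could just as well spawn a shell).
PAYLOAD = "__import__('os').getpid()"

if __name__ == "__main__":
    print(calc_unsafe("1 + 2"), calc_unsafe(PAYLOAD))  # 3 and the process id
    print(calc_safe("2 * (3 + 4)"))                    # 14
    print(is_rejected(PAYLOAD))                        # True
```

The point of the walk is that the parser does the tokenising and the code only decides which node types to allow; a blacklist of dangerous words (import, exec) is far easier to bypass.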
XML is a markup language whose tags are commonly used to represent data structures. Both XML and HTML derive from SGML (Standard Generalized Markup Language). XML is also subject to injection attacks, and is ver...
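XML injection through string concatenation, next to the escaped version, as an added example that is not part of the original page. The document shape, element names and attacker input are constructed.

```python
# Added example (not from the original page): XML injection via string
# concatenation versus escaping the value before it goes into the markup.
# The document shape, element names and attacker input are constructed.
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape


def build_account_unsafe(name: str, role: str = "user") -> str:
    """Vulnerable: user-controlled text is pasted into the markup verbatim."""
    return "<account><name>" + name + "</name><role>" + role + "</role></account>"


def build_account_safe(name: str, role: str = "user") -> str:
    """Hardened: escape() turns <, > and & into entities, so input stays character data."""
    return ("<account><name>" + escape(name) + "</name><role>"
            + escape(role) + "</role></account>")


def effective_role(doc: str) -> str:
    """Parse the document and return the first <role>, as a naive consumer would."""
    root = ET.fromstring(doc)
    return root.find("role").text


def stored_name(doc: str) -> str:
    return ET.fromstring(doc).find("name").text


# Constructed attacker input: closes <name>, injects its own <role>, then reopens
# <name> so the rest of the template still parses as well-formed XML.
PAYLOAD = "alice</name><role>admin</role><name>"

if __name__ == "__main__":
    print(effective_role(build_account_unsafe(PAYLOAD)))  # admin
    print(effective_role(build_account_safe(PAYLOAD)))    # user
    print(stored_name(build_account_safe(PAYLOAD)))       # the payload, as plain text
```

Note that the injected document is still well-formed, so a parser raises no error; the only defence is to escape (or better, build the tree with an API such as ET.SubElement rather than by concatenation).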
In general, escaping (encoding) functions help defend against SQL injection. In some cases, however, these escaping functions can be bypassed, so a safer escaping function is needed. Fortunately, database vendors...
Checking the data type of input can also help defend against SQL injection. For example, the following code restricts the input to an integer. In this case, injecti...
In addition to precompiled statements, stored procedures can also be used securely against SQL injection. The effect of using stored procedures is the same as that of using precompiled t...
In general, the best defence against SQL injection is to use precompiled (prepared) statements with bound variables. For example, in Java a prepared statement is used as follows: String custname =...
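The bound-variable defence above, together with the integer type check from the earlier excerpt, shown with Python's sqlite3 as an added example (not the page's Java code). The table, its rows and the attacker inputs are constructed.

```python
# Added example (not from the original page): string concatenation versus a
# bound variable, plus an integer type check, using an in-memory SQLite table.
# The table, rows and attacker inputs are constructed for this demonstration.
import sqlite3


def setup() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, balance INTEGER)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)",
                     [(1, "alice", 100), (2, "bob", 250), (3, "carol", 75)])
    return conn


def find_by_name_unsafe(conn, custname: str) -> list:
    """Vulnerable: the value is spliced into the SQL text, so a quote changes the query."""
    sql = "SELECT name FROM customers WHERE name = '" + custname + "'"
    return [row[0] for row in conn.execute(sql)]


def find_by_name_safe(conn, custname: str) -> list:
    """Hardened: bound variable; the driver never lets the value become SQL syntax."""
    sql = "SELECT name FROM customers WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (custname,))]


def find_by_id(conn, raw_id: str) -> list:
    """Type check first: anything that is not an integer is rejected outright."""
    try:
        cust_id = int(raw_id)
    except ValueError:
        raise ValueError("id must be an integer")
    return [row[0] for row in conn.execute("SELECT name FROM customers WHERE id = ?", (cust_id,))]


def id_rejected(conn, raw_id: str) -> bool:
    try:
        find_by_id(conn, raw_id)
    except ValueError:
        return True
    return False


PAYLOAD = "' OR '1'='1"  # constructed: the classic tautology
CONN = setup()

if __name__ == "__main__":
    print(find_by_name_unsafe(CONN, PAYLOAD))  # ['alice', 'bob', 'carol']
    print(find_by_name_safe(CONN, PAYLOAD))    # []
    print(find_by_id(CONN, "2"))               # ['bob']
    print(id_rejected(CONN, "2 OR 1=1"))       # True
```

With the bound variable the query text is fixed before the value is supplied, so the tautology is simply a name nobody has; the type check closes the numeric case, where quoting is not available at all.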
What is the proper defence against SQL injection? From a defensive standpoint there are two things to do: find all SQL injection vulnerabilities, then patch them. To solve these...
In August 2008, Stefan Esser described the SQL column truncation attack, which in some configurations leads to security problems. MySQL has an sql_mode configuration option. When t...
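A small model of the column truncation attack, as an added example that is not part of the original page. It imitates two MySQL behaviours the attack relies on: in a non-strict sql_mode an over-long VARCHAR value is silently cut to the column width, and comparisons of CHAR/VARCHAR values ignore trailing spaces. The table, width and user names are constructed, and the code is a model rather than a MySQL client.

```python
# Added example (not from the original page): a model of the column truncation
# attack. Assumed MySQL behaviour being modelled: (1) non-strict sql_mode
# truncates an over-long VARCHAR silently, strict mode rejects it; (2) trailing
# spaces are not significant when comparing VARCHAR values. Everything else
# (table, width, names) is constructed; nothing here talks to a real database.

WIDTH = 20  # username VARCHAR(20)


def mysql_equal(a: str, b: str) -> bool:
    """Trailing spaces are ignored in the comparison."""
    return a.rstrip(" ") == b.rstrip(" ")


def store_value(value: str, strict: bool) -> str:
    """Non-strict: truncate silently. Strict: reject, as STRICT_TRANS_TABLES does."""
    if len(value) <= WIDTH:
        return value
    if strict:
        raise ValueError("Data too long for column 'username'")
    return value[:WIDTH]


def register(users: dict, username: str, password: str, strict: bool) -> bool:
    """Typical registration: refuse if the name already exists, otherwise insert."""
    if any(mysql_equal(existing, username) for existing in users):
        return False
    users[store_value(username, strict)] = password
    return True


def login_passwords(users: dict, username: str) -> list:
    """SELECT password FROM users WHERE username = ? ; may match several rows."""
    return [pw for name, pw in users.items() if mysql_equal(name, username)]


# Constructed attacker input: 'admin', enough spaces to exceed the width, then 'x'.
# The duplicate check sees a different name, but the stored value is cut to
# 'admin' + 15 spaces, which compares equal to 'admin'.
PAYLOAD = "admin" + " " * 16 + "x"


def attack(strict: bool) -> list:
    users = {"admin": "s3cret"}
    try:
        register(users, PAYLOAD, "attacker", strict)
    except ValueError:
        pass
    return login_passwords(users, "admin")


if __name__ == "__main__":
    print(attack(strict=False))  # ['s3cret', 'attacker']
    print(attack(strict=True))   # ['s3cret']
```

The application-level lesson is that the value checked for duplicates must be the value that actually gets stored: enforce the column length in code before the INSERT as well as turning on strict mode, so the two cannot drift apart.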
In some cases, differences in character encoding can cause security issues. Historically there have been encoding-based injection attacks. Injection attacks often use sp...
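Why a byte-level escaping function can be bypassed when the connection charset is a multi-byte encoding such as GBK (the bypass the earlier excerpt on escaping functions alludes to), and why the escape must be done with the charset in mind. This is an added example, not code from the original page; the emulated escaping function and the inputs are constructed, and nothing here talks to a real database.

```python
# Added example (not from the original page): a charset-unaware escaper
# (addslashes-style, emulated here) is bypassed by a dangling GBK lead byte,
# because the backslash it inserts is swallowed as the second byte of a
# double-byte character. Inputs and function names are constructed.


def addslashes_bytes(data: bytes) -> bytes:
    """Emulates a charset-unaware escaper: backslash before ' " \\ and NUL."""
    out = bytearray()
    for b in data:
        if b in b"'\"\\\x00":
            out.append(0x5C)  # backslash
        out.append(b)
    return bytes(out)


def escape_as_seen_by_server(data: bytes, charset: str) -> str:
    """What the server sees once it decodes the escaped bytes in the connection charset."""
    return addslashes_bytes(data).decode(charset)


def escape_charset_aware(data: bytes, charset: str) -> str:
    """Decode first (strict), then escape at the character level."""
    text = data.decode(charset)  # a lone 0xBF lead byte is invalid GBK -> UnicodeDecodeError
    return text.replace("\\", "\\\\").replace("'", "\\'").replace('"', '\\"')


def quote_survives(escaped: str) -> bool:
    """True if the value still ends in an unescaped single quote."""
    return escaped.endswith("'") and not escaped.endswith("\\'")


def charset_aware_rejects(data: bytes, charset: str) -> bool:
    try:
        escape_charset_aware(data, charset)
    except UnicodeDecodeError:
        return True
    return False


# Constructed attacker input: GBK lead byte 0xBF followed by a single quote.
# Escaping yields 0xBF 0x5C 0x27; in GBK, 0xBF5C is one character and 0x27 is a live quote.
PAYLOAD = b"\xbf'"

if __name__ == "__main__":
    seen = escape_as_seen_by_server(PAYLOAD, "gbk")
    print(repr(seen), quote_survives(seen))                         # one CJK char + "'", True
    print(quote_survives(escape_as_seen_by_server(b"a'", "gbk")))   # False
    print(charset_aware_rejects(PAYLOAD, "gbk"))                    # True
```

The practical fix is the one the excerpts above converge on: escape with a function that knows the connection charset (or make the client and server agree on it), and prefer bound variables, which sidestep the escaping question entirely.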