How to use the built-in SQL injection protection

I'm looking at the built-in SQL injection protection in the MSSQL module for Node:

https://www.npmjs.com/package/mssql#injection

But I don't totally get their example of how to sanitize values for my queries. I guess the request.input('myval', sql.VarChar, '-- commented') statement sanitizes "myvar" against the rest of the query being commented out.

What if I want to sanitize against something else as well? Such as drop table statements etc.

Could anyone help me out?
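
As an added example (not part of the original post, and not the mssql project's own code): `request.input()` binds the value as a typed parameter that travels separately from the statement text, so the same call covers comment markers, quotes and `DROP TABLE` text alike. The `RecordingRequest` class, the `VarChar` placeholder, the `users` table and the sample input are assumptions made so the sketch runs without a database; with the real package you would use `new sql.Request(pool)` and `sql.VarChar`.

```javascript
// Stand-in for an mssql Request: it records what would be sent to the server.
// Hypothetical helper, only here so the example runs offline.
class RecordingRequest {
  constructor() {
    this.params = {};
    this.text = null;
  }
  // Same call shape as mssql's request.input(name, type, value).
  input(name, type, value) {
    this.params[name] = { type, value };
    return this;
  }
  // Same call shape as mssql's request.query(text); no server is contacted.
  query(text) {
    this.text = text;
    return Promise.resolve({ recordset: [] });
  }
}

const VarChar = 'VarChar'; // placeholder for sql.VarChar

// Unsafe pattern: the value becomes part of the statement text itself.
function buildConcatenated(name) {
  return "SELECT id FROM users WHERE name = '" + name + "'";
}

// Parameterized pattern: the statement text is a constant and the value is
// attached as the @name parameter, so it is only ever compared as data.
function findUser(request, name) {
  request.input('name', VarChar, name);
  request.query('SELECT id FROM users WHERE name = @name');
  return { text: request.text, params: request.params };
}

// Constructed sample inputs.
const benign = 'alice';
const hostile = "x'; DROP TABLE users; --";

const sentBenign = findUser(new RecordingRequest(), benign);
const sentHostile = findUser(new RecordingRequest(), hostile);

console.log(buildConcatenated(hostile)); // statement text now carries a second statement
console.log(sentHostile.text);           // statement text unchanged
console.log(sentHostile.params.name);    // hostile string carried as a value only
```

No per-keyword filtering is needed: every value that reaches the query through `request.input()` is handled the same way, whatever characters it contains.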
