Is blocking query commands enough to prevent SQL injection?
You don't have to ban all SQL commands from your inputs; you just need to make sure they are only ever treated as free text so that they cannot be accidentally executed as a command.
This is probably a good place to start:
https://en.wikipedia.org/wiki/SQL_injection
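The point made in the answer above, as an added example that is not part of the original post: a keyword blocklist is compared with a parameterized query using Python's `sqlite3` module. The `notes` table, the blocklist pattern, the function names and all sample values are constructed for illustration.

```python
import re
import sqlite3

# Hypothetical blocklist of "query commands", of the kind the question proposes.
BLOCKED = re.compile(r"\b(select|insert|update|delete|drop|union)\b", re.I)

def make_db():
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (owner TEXT, body TEXT)")
    db.executemany("INSERT INTO notes VALUES (?, ?)",
                   [("alice", "alice's note"), ("bob", "bob's note")])
    return db

def passes_blocklist(value):
    return BLOCKED.search(value) is None

def find_concatenated(db, owner):
    """Weak form: the input becomes part of the SQL text and is parsed as SQL."""
    if not passes_blocklist(owner):
        raise ValueError("input rejected by blocklist")
    query = "SELECT body FROM notes WHERE owner = '" + owner + "'"
    return [row[0] for row in db.execute(query)]

def find_parameterized(db, owner):
    """Hardened form: the input is bound as a value and never parsed as SQL."""
    cur = db.execute("SELECT body FROM notes WHERE owner = ?", (owner,))
    return [row[0] for row in cur]

def demo():
    db = make_db()
    crafted = "nobody' OR 'a'='a"  # constructed input with no blocked command word
    text = "Remember to DROP TABLE old_logs; SELECT a new vendor"  # ordinary free text
    result = {
        "blocklist_passes": passes_blocklist(crafted),
        "concatenated": find_concatenated(db, crafted),    # every owner's rows
        "parameterized": find_parameterized(db, crafted),  # no such owner
        "keyword_text_blocked": not passes_blocklist(text),
    }
    # Bound as a parameter, the keyword-laden text is stored verbatim as data.
    db.execute("INSERT INTO notes VALUES (?, ?)", ("carol", text))
    result["stored"] = find_parameterized(db, "carol")
    result["row_count"] = db.execute("SELECT COUNT(*) FROM notes").fetchone()[0]
    return result

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=>", value)
```

The blocklist fails in both directions: it lets through an input that changes the meaning of the concatenated query, and it rejects harmless text that merely contains command words, while the parameterized query handles both as plain data.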