SQL×¢Èë¹¥»÷µÄÖÖÀàºÍ·À·¶ÊÖ¶Î

¹Û²ì½üÀ´µÄһЩ°²È«Ê¼þ¼°Æäºó¹û£¬°²È«×¨¼ÒÃÇÒѾ­µÃµ½Ò»¸ö½áÂÛ£¬ÕâЩÍþвÖ÷ÒªÊÇͨ¹ýSQL×¢ÈëÔì³ÉµÄ¡£ËäȻǰÃæÓÐÐí¶àÎÄÕÂÌÖÂÛÁËSQL×¢È룬µ«½ñÌìËùÌÖÂÛµÄÄÚÈÝÒ²Ðí¿É°ïÖúÄã¼ì²é×Ô¼ºµÄ·þÎñÆ÷£¬²¢²ÉÈ¡ÏàÓ¦·À·¶´ëÊ©¡£
SQL×¢Èë¹¥»÷µÄÖÖÀà
Öª±ËÖª¼º£¬·½¿Éȡʤ¡£Ê×ÏÈÒªÇå³þSQL×¢Èë¹¥»÷ÓÐÄÄЩÖÖÀà¡£
1.ûÓÐÕýÈ·¹ýÂËתÒå×Ö·û
ÔÚÓû§µÄÊäÈëûÓÐΪתÒå×Ö·û¹ýÂËʱ£¬¾Í»á·¢ÉúÕâÖÖÐÎʽµÄ×¢Èëʽ¹¥»÷£¬Ëü»á±»´«µÝ¸øÒ»¸öSQLÓï¾ä¡£ÕâÑù¾Í»áµ¼ÖÂÓ¦ÓóÌÐòµÄÖÕ¶ËÓû§¶ÔÊý¾Ý¿âÉϵÄÓï¾äʵʩ²Ù×Ý¡£±È·½Ëµ£¬ÏÂÃæµÄÕâÐдúÂë¾Í»áÑÝʾÕâÖÖ©¶´£º
statement := "SELECT * from users WHERE name = '" + userName + "'; "
ÕâÖÖ´úÂëµÄÉè¼ÆÄ¿µÄÊǽ«Ò»¸öÌض¨µÄÓû§´ÓÆäÓû§±íÖÐÈ¡³ö£¬µ«ÊÇ£¬Èç¹ûÓû§Ãû±»Ò»¸ö¶ñÒâµÄÓû§ÓÃÒ»ÖÖÌض¨µÄ·½Ê½Î±Ô죬Õâ¸öÓï¾äËùÖ´ÐеIJÙ×÷¿ÉÄܾͲ»½ö½öÊÇ´úÂëµÄ×÷ÕßËùÆÚÍûµÄÄÇÑùÁË¡£ÀýÈ磬½«Óû§Ãû±äÁ¿(¼´username)ÉèÖÃΪ£º
a' or 't'='t£¬´ËʱԭʼÓï¾ä·¢ÉúÁ˱仯£º
SELECT * from users WHERE name = 'a' OR 't'='t';
Èç¹ûÕâÖÖ´úÂë±»ÓÃÓÚÒ»¸öÈÏÖ¤¹ý³Ì£¬ÄÇôÕâ¸öÀý×Ó¾ÍÄܹ»Ç¿ÆÈÑ¡ÔñÒ»¸öºÏ·¨µÄÓû§Ãû£¬ÒòΪ¸³Öµ't'='tÓÀÔ¶ÊÇÕýÈ·µÄ¡£
ÔÚһЩSQL·þÎñÆ÷ÉÏ£¬ÈçÔÚSQL ServerÖУ¬ÈκÎÒ»¸öSQLÃüÁ¿ÉÒÔͨ¹ýÕâÖÖ·½·¨±»×¢È룬°üÀ¨Ö´Ðжà¸öÓï¾ä¡£ÏÂÃæÓï¾äÖеÄusernameµÄÖµ½«»áµ¼ÖÂɾ³ý¡°users¡±±í£¬ÓÖ¿ÉÒÔ´Ó¡°data¡±±íÖÐÑ¡ÔñËùÓеÄÊý¾Ý(ʵ¼ÊÉϾÍÊÇ͸¶ÁËÿһ¸öÓû§µÄÐÅÏ¢)¡£
a'; DROP TABLE users; SELECT * from data WHERE name LIKE '%
Õâ¾Í½«×îÖÕµÄSQLÓï¾ä±ä³ÉÏÂÃæÕâ¸öÑù×Ó£º
SELECT * from users WHERE name = 'a'; DROP TABLE users; SELECT * from DATA WHERE name LIKE '%';
ÆäËüµÄSQLÖ´Ðв»»á½«Ö´ÐÐͬÑù²éѯÖеĶà¸öÃüÁî×÷ΪһÏȫ´ëÊ©¡£Õâ»á·ÀÖ¹¹¥»÷Õß×¢ÈëÍêÈ«¶ÀÁ¢µÄ²éѯ£¬²»¹ýÈ´²»»á×èÖ¹¹¥»÷ÕßÐ޸IJéѯ¡£
2.Incorrect type handling
Èç¹ûÒ»¸öÓû§ÌṩµÄ×ֶβ¢·ÇÒ»¸öÇ¿ÀàÐÍ£¬»òÕßûÓÐʵʩÀàÐÍÇ¿ÖÆ£¬¾Í»á·¢ÉúÕâÖÖÐÎʽµÄ¹¥»÷¡£µ±ÔÚÒ»¸öSQLÓï¾äÖÐʹÓÃÒ»¸öÊý×Ö×Ö¶Îʱ£¬Èç¹û³ÌÐòԱûÓмì²éÓû§ÊäÈëµÄºÏ·¨ÐÔ(ÊÇ·ñΪÊý×ÖÐÍ)¾Í»á·¢ÉúÕâÖÖ¹¥»÷¡£ÀýÈ磺
statement := "SELECT * from data WHERE id = " + a_variable + "; "
´ÓÕâ¸öÓï¾ä¿ÉÒÔ¿´³ö£¬×÷ÕßÏ£Íûa_variableÊÇÒ»¸öÓë¡°id¡±×Ö¶ÎÓйصÄÊý×Ö¡£²»¹ý£¬Èç¹ûÖÕ¶ËÓû§Ñ¡ÔñÒ»¸ö×Ö·û´®£¬¾ÍÈƹýÁ˶ÔתÒå×Ö·ûµÄÐèÒª¡£ÀýÈ磬½«a_vari