Web°²È«¿ª·¢£ºSQL×¢Èë¹¥»÷ºÍÍøÒ³¹ÒÂí

ÉêÃ÷¡£ÎÄÕ½ö´ú±í¸öÈ˹۵㣬ÓëËùÔÚ¹«Ë¾ÎÞÈκÎÁªÏµ¡£
1.     ¸ÅÊö
ÍøÒ³¹ÒÂíÕâ¸ö»°ÌâÏëÀ´´ó¼Ò²¢²»Ä°Éú¡£ÎªÊ²Ã´ÓÐÕâô¶àµÄÍøÒ³ÉÏ´æÔÚ×ÅľÂíÈ¥¹¥»÷ÆÕͨÓû§£¿²»¿É·ñÈÏ£¬Ï൱һ²¿·ÖÍøÒ³Ô­±¾¾ÍÊǶñÒâµÄ£ºÍøÒ³µÄ×÷Õß¹ÊÒâÔÚÉÏÃæ·ÅÉÏľÂí£¬È»ºóͨ¹ý¸÷ÖÖÊÖ¶ÎÒýÓÕÓû§È¥ä¯ÀÀ¡£µ«ÊǾø´ó¶àÊý±»¹ÒÂíµÄÍøÒ³Ô­±¾ÊÇÕý³£µÄÍøÒ³£¬ÀýÈçÆÕͨµÄ½ÌÓýÍøÕ¾£¬¹ºÎïÍøÕ¾µÈµÈ£¬Ö»ÊÇÍøÒ³±»¹¥»÷Õ߶ñÒâÐ޸ĺó²åÈëÁËľÂí´úÂë¡£
ÄÇô£¬¹¥»÷ÕßÊÇÈçºÎÄܹ»¶ñÒâÐÞ¸ÄÒ»¸öÕý³£ÍøÒ³µÄÄØ£¿ »»¾ä»°Ëµ£¬Ò»¸öÍøÕ¾ÊÇÈçºÎ±»“ºÚ”µÄ£¿Ò»¸ö×î³£¼ûµÄ¹¥»÷·½·¨ÊÇSQL×¢È루SQL Injection£©¹¥»÷¡£ÊÂʵÉÏ£¬¾ÍÔÚ½ñÄêµÄÎåÔ·ݣ¬±¬·¢ÁËÒ»´Î´ó¹æÄ£µÄÍøÒ³¹¥»÷»î¶¯¡¾£±¡¿¡£¾Ý¹À¼Æ£¬Ô¼ÓÐ12Íò¸öÍøÒ³±»¶ñÒâÐ޸IJåÈëľÂí´úÂ룬¶ø¹¥»÷Õß²ÉÓõÄÊֶξÍÊÇSQL×¢Èë¹¥»÷¡£
ÄÇô£¬Ê²Ã´ÊÇSQL×¢Èë¹¥»÷£¿¹¥»÷ÕßÊÇÈçºÎÀûÓÃSQL×¢Èë¹¥»÷´Û¸ÄÍøÒ³µÄ£¿Web¿ª·¢ÈËÔ±ÓÖÓ¦¸ÃÈçºÎ·À·¶SQL¹¥»÷£¿Õâ¾ÍÊÇÎÒÃÇÕâƪÎÄÕÂÒª²ûÊöµÄÎÊÌâ¡£
2.     SQL×¢Èë¹¥»÷
ÎÒÃÇ´ÓÒ»¸ö¼òµ¥µÄÀý×Ó¡¾2¡¿¿ªÊ¼¡£ÏÂÃæÕâ¶Î´úÂëÓÃÀ´¹¹ÔìSQL²éѯÃüÁî¡£
var strUserAccount;
strUserAccount = Request.form ("UserAccount");
var sqlQueryString = "select * from Orders where UserAccount = '" +                                   strUserAccount + "'";
//Ö´ÐÐSQL Query …
Õâ¶Î´úÂëºÜ¼òµ¥£º¸ø³öUserAccount£¬²éѯÆä¶ÔÓ¦µÄ¶©µ¥ÐÅÏ¢¡£
ÀýÈ磬Èç¹ûÊäÈëUserAccountֵΪ100£¬ÄÇô¹¹ÔìµÄ²éѯÃüÁî¾ÍÊÇ£º
SELECT * from Orders WHERE UserAccount = '100'
´Ó¹¦ÄÜÉÏ˵Õâ¶Î´úÂë·Ç³£ÕýÈ·£¬ÍêȫûÓÐÈκÎÎÊÌâ¡£µ«ÊÇ¿ª·¢ÈËÔ±ÍùÍùºöÊÓ°²È«·½ÃæµÄ¿¼ÂÇ£ºÈç¹ûÓû§£¨¹¥»÷Õߣ©ÌṩµÄÊäÈëÊý¾ÝÊǶñÒâµÄ£¬ ³ÌÐòµÄ±íÏÖÐÐΪÊÇʲô£¿
·         Èç¹ûÊÇÒ»¸ö²»ÄÇôÓѺõĹ¥»÷Õߣ¬¿ÉÄÜÊäÈëUserAccountֵΪ100' or 1=1 --£¬¹¹ÔìµÄ²éѯÃüÁî¾ÍÊÇ:
SELECT * from Orders WHERE UserAccount = '100' or 1=1 --
Ö´ÐÐÕâ¸ö²éѯÃüÁ¾Í»á·µ»ØËùÓÐÓû§µÄ¶©µ¥£¬µ¼ÖÂÉÌÒµ»úÃÜÐÅÏ¢µÄй©¡£
·         Èç¹ûÊÇÒ»¸ö·Ç³£²»ÓѺõĹ¥»÷Õߣ¬¿ÉÄÜÊäÈëUserAccou