Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
763 views
in Technique[技术] by (71.8m points)

database - SQL Injection after removing all single-quotes and dash-characters

Can anyone show an EXAMPLE of a sql statement when SQL Injection occurred even after all "single-quote" and "dash characters" have been stripped out of the user's input?

SELECT MyRecord   FROM MyTable   
WHERE MyEmail='[email protected]' AND MyPassword='foo'

(No INTs are involved here.)

Everyone seems to say "yes, I can do it"... but when they are pressed for an e-x-a-m-p-l-e... none of ever shown.

(You can use any version, new or old, of any sql engine: SQL Server, MySql, SqlLite, PostgreSQL, Oracle and countless others.)

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

How have you "stripped out of the user's input"? If you have simply removed all occurrences of quotes, then that really isn't Fair for susan.o'[email protected] who won't be able to use your website.

If you are escaping each quote with another quote that can cause problems as well. If you passed in '; DROP TABLE users; -- (at least in MySQL ' is an alternative for escaping quotes) then escaping the single quote would result in an SQL injection attack that would drop the users table:

SELECT MyRecord FROM MyTable
WHERE MyEmail='''; DROP TABLE MyTable; --' AND MyPassword='foo'

the only real safe method of sanitizing your inputs is By parameterising them:

SELECT MyRecord FROM MyTable
WHERE MyEmail=? AND MyPassword=?

and then add the parameter values using you language of choice, for example in java where ps is a PreparedStatement:

ps.setString(1, "[email protected]");
ps.setString(2, "foo");
ps.executeQuery();

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

1.4m articles

1.4m replys

5 comments

57.0k users

...