????????SQL???λ????ж??????????????????????????????????
??????????Щ????????????????sql???????????????????????sql????????
?????????
??????????????????????л??????磺
????select * from admin where username='XXX' and password='YYY' ???????????????д???????????н??б?????????????????????SQL???
??????????????????????abc' or 1=1-- ?????????????123 ??SQL??????
????select * from admin where username='abc' or 1=1 and password='123' ????????????κ?????????????????????????????У?????????????????????????
?????????
?????????·?????????????????????3????е???????????????????????????????????????3????е????????????3????е????????????
????????????????????????????????????????
??????????????磺http://www. .cn/news?id=10'????????????????????????????????
????????jsp???????????????2?????????
????1??PreparedStatement
?????????????????????????????????????PreparedStatement????Statement.
????????????????
????1)???????????????????.
????2)??PreparedStatement??????????????.
????3)?????????????????????????.
???????????????Щ???????????????????????SQL?????????.
????String sql = "select * from tb_name where name= '"+varname+"' and passwd='"+varpasswd+"'";
????????????[' or '1' = '1]???name???????.???????????????????
????select * from tb_name = 'or '1' = '1' and passwd = '????' ;
???????'1'='1'?????????????????κ???????.????????:
??????['; drop table tb_name; ]???varpasswd???????????:
????select * from tb_name = '????' and passwd = ''; drop table tb_name; ??Щ???????????????????????к?????????????Щ????????.
??????????????????????.??????κ????????????????????κ???????.(??????????????????????????????????????????????????????????????????????????????????????Щ?????????????????ò???????????????κι???.????????????? statement???п??????drop??; ?????????????ж?????.
????2?????????
????2.1?????SQL meta-characters????????? /(\%27)|(')|(--)|(\%23)|(#)/ix
????2.2?????????SQL meta-characters????????? /((\%3D)|(=))[^\n]*((\%27)|(')|(--)|(\%3B)|(;))/i
????2.3??????? SQL ?????????????? /\w*((\%27)|('))((\%6F)|o|(\%4F))((\%72)|r|(\%52))/ix
????2.4?????SQL???UNION???????????????? /((\%27)|('))union/ix(\%27)|(') - ???????????hex???????union - union??????
????2.5?????MS SQL Server SQL?????????????? /exec(\s|\+)+(s|x)p\w+/ix
????3???????????
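/**
 * Strips a fixed blacklist of SQL keywords and meta-characters from {@code content}.
 *
 * Fixes relative to the listing as printed on this page: {@code flt.split("|")} used an
 * unescaped regex alternation, so the list was split into single characters and nearly
 * every letter of the input would have been removed; the result of {@code String.replace}
 * was discarded (strings are immutable), so nothing was actually filtered; the loop header
 * and the string literal were truncated and did not compile.
 *
 * Blacklist filtering is weak by itself: it is evaded by case variants, URL encoding and
 * any keyword not on the list, and it damages legitimate input (the token "and" is removed
 * from the name "Anderson"). Treat it as defence in depth at most; the primary control is
 * a PreparedStatement with bound parameters, as the first section of this page describes.
 *
 * @param content the untrusted input to filter; {@code null} is returned unchanged
 * @return the input with every blacklisted token removed, in list order
 */
public static String filterContent(String content) {
    if (content == null) {
        return null;
    }
    // Tokens are separated by '|'; the separator must be escaped because split() takes a regex.
    // The printed list ended in an unreadable (mis-encoded) entry, which is omitted here.
    String flt = "'|and|exec|insert|select|delete|update|count|*|%"
            + "|chr|mid|master|truncate|char|declare|; |or|-|+";
    String[] filter = flt.split("\\|");
    for (String token : filter) {
        // String.replace(CharSequence, CharSequence) is literal, so '*' and '+' need no escaping.
        content = content.replace(token, "");
    }
    return content;
}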
????4??????????????
?????????????js?????Σ???????ú?С???????????ι?????????????????????????????????????Щ SQL?????????????????????????????????????????????????????????????????? ???????淶???μ?????????
???????漰????е?SQL???б????????JDBC???????????????ò??????磺PreparedStatement???? ???м????????????????????????.
????????????????????"'"??"\"??"/"
???????????????????????
???????????0???? 1??????
????????????
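/**
 * Client-side input check: returns 0 when `a` contains any of the characters
 * "'", "\" or "/", and 1 otherwise.
 *
 * Fixes relative to the listing as printed on this page: a stray `return 1;` as
 * the first statement made the rest of the function unreachable, so it always
 * returned 1; both loop headers had lost their conditions; the comparison read
 * `tem'; p1==temp2`; and the blocked-character array had garbled separators (the
 * middle entry is reconstructed as a backslash, matching the three characters the
 * surrounding text names).
 *
 * This runs in the browser and is bypassed simply by sending the request
 * directly, so it is a usability convenience only; the server must still use
 * PreparedStatement / bound parameters.
 *
 * @param {string} a the value to check
 * @returns {number} 0 if a blocked character is present, else 1
 */
function check(a)
{
    var blocked = new Array("'", "\\", "/");
    var nBlocked = blocked.length;
    var nChars = a.length;
    for (var ii = 0; ii < nBlocked; ii++) {
        for (var jj = 0; jj < nChars; jj++) {
            if (a.charAt(jj) == blocked[ii]) {
                return 0;
            }
        }
    }
    return 1;
}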