想要允许用户输入',但显示错误
问题描述:
hi!
我希望用户可以在文本框中输入单个cot('').
im使用SQL yog,但是当插入查询变为
(''dgfd dfg ddf_时,它会显示错误. '''','''','''',8)您可以在这里看到实际上存在paramerte,但显示错误
hi!
i want user can enter single cot('')in textbox.
i m using SQL yog but it display error as the insert query become
(''dgfd dfg ddf_'''','''','''',8) u can see here actually there are for paramerte but it shows error
答
您的应用程序是
请不要让您的用户在文本字段中输入此内容:
Your application is wide open for SQL injection attacks.
Please instruct your users not to enter this in the text field:
'','''','''',8);drop table Users;--
或者,您可以更正代码.使用参数化查询,而不是将数据串联到查询中.
Alternatively, you can correct the code. Use parameterised queries instead of concatenating the data into the query.
您应该采用的解决方案,不仅是要解决您的问题,还要使其更安全,是使用 ^ ]与sql查询
well the solution you should take, and not just to solve you issue but make it more secure, is to use parameters[^] with the sql queries