(Qixingdou white paper, some excerpts are as follows: What is SQL injection? SQL injection: the ability to use an existing application to inject (malicious) SQL commands into the backend database engine for execution. This is the standard definition of SQL injection. As the B/S (browser/server) model has become widely used, the number of programmers writing applications in this model has also grown. However, because developers vary in skill and experience, a considerable number of them, when writing code, do not perform the necessary validity checks on the user's input data or on the information carried in the page (such as cookies). This enables an attacker to submit database query code and, from the results the program returns, obtain some of the data he wants. SQL injection uses the normal HTTP service port and on the surface looks no different from normal web access, so it is extremely well concealed and difficult to discover. ......)
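The missing validity check described in the excerpt, shown beside its corrected form. This is an added example, not taken from the white paper; the `orders` table, the function names and the cookie values are constructed for illustration.

```python
import re
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER, owner TEXT, item TEXT)")
    db.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                   [(1, "alice", "book"), (2, "bob", "lamp"), (3, "carol", "desk")])
    return db

def orders_unsafe(db, owner_cookie):
    # Vulnerable: the cookie value is concatenated into the SQL text, so quote
    # characters inside it are parsed by the engine as part of the statement.
    sql = ("SELECT id, item FROM orders WHERE owner = '" + owner_cookie +
           "' ORDER BY id")
    return db.execute(sql).fetchall()

def orders_safe(db, owner_cookie):
    # Corrected: the statement text is fixed and the cookie value is bound as
    # a parameter, so the engine only ever compares it as data.
    sql = "SELECT id, item FROM orders WHERE owner = ? ORDER BY id"
    return db.execute(sql, (owner_cookie,)).fetchall()

def cookie_is_valid(owner_cookie):
    # Validity check on the cookie: allow-list of characters and length
    # (the accepted format is an assumption of this example).
    return re.fullmatch(r"[A-Za-z0-9_]{1,32}", owner_cookie) is not None

def compare(owner_cookie):
    """Run both query styles on one cookie value and report the results."""
    db = make_db()
    return {
        "valid": cookie_is_valid(owner_cookie),
        "unsafe": orders_unsafe(db, owner_cookie),
        "safe": orders_safe(db, owner_cookie),
    }

if __name__ == "__main__":
    # Constructed cookie values: one ordinary, one containing SQL syntax.
    for value in ("alice", "x' OR '1'='1"):
        print(repr(value), compare(value))
```

With the ordinary value both functions return the same single row; with the second value the concatenated query returns every owner's rows, while the bound query returns none and the validity check rejects the cookie before any query runs.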