dongshi1207 2011-06-30 00:05

SQL injection in the comment field

I have a comment form that consists of 2 fields (title and comment). Database contains 3 columns: id, title and comment. Comment is displayed based on its title, like domain.com/index.php?id=sometitle

The title field is properly secured against SQL injection using mysql_real_escape_string, but the comment field, which is a textarea, is left open without escaping. I can escape it; however, I'm wondering what harm it can do to just leave it without using mysql_real_escape_string on that field, knowing that title is already escaped and that's how the output is retrieved.


5 answers

  • dtsc14683 2011-06-30 00:19

    What would happen if someone typed this into your textarea?

    some comment');DELETE FROM COMMENTS;--
    

    If your query to insert the comment were something like

    INSERT INTO Comments(Title,Comment) VALUES('$title','$comments');
    

    then you would have a problem. The resulting query would be

    INSERT INTO Comments(Title,Comment) VALUES('some title','some comment');DELETE FROM COMMENTS;--'
    

    or to lay it out in a more readable format

    INSERT INTO Comments(Title,Comment) VALUES('some title','some comment');
    DELETE FROM COMMENTS;--'
    

    The --' at the end just creates a comment, to get rid of any extra SQL that would make it not parse properly.

    (Accepted answer)
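Added example (not the asker's or the answerer's code): the insert from the answer written the vulnerable way, beside a PDO prepared-statement version that binds both fields and the display-side lookup. It assumes a MySQL table Comments(id, Title, Comment) and uses placeholder connection values.

```php
<?php
declare(strict_types=1);
// Added example, not code from the question or answer. Assumes a MySQL
// table Comments(id, Title, Comment); connection values are placeholders.

// VULNERABLE (the situation in the question; legacy mysql_* API, removed
// in PHP 7): only $title is escaped, $comment is pasted into the SQL text,
// so the answer's payload closes the string and appends its own statement.
function insertCommentVulnerable(string $title, string $comment): void
{
    $safeTitle = mysql_real_escape_string($title);
    $sql = "INSERT INTO Comments(Title,Comment) VALUES('$safeTitle','$comment')";
    mysql_query($sql);
}

// HARDENED: a prepared statement transmits both values separately from the
// query text, so quotes and semicolons in either field are stored as data.
function insertCommentSafe(PDO $pdo, string $title, string $comment): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO Comments (Title, Comment) VALUES (:title, :comment)'
    );
    $stmt->execute([':title' => $title, ':comment' => $comment]);
}

// The display side (index.php?id=sometitle) is bound the same way: escaping
// at insert time does not protect a later query that reuses the value.
function findCommentByTitle(PDO $pdo, string $title): ?array
{
    $stmt = $pdo->prepare(
        'SELECT id, Title, Comment FROM Comments WHERE Title = :title'
    );
    $stmt->execute([':title' => $title]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$pdo = new PDO(
    'mysql:host=localhost;dbname=DB_NAME_PLACEHOLDER;charset=utf8mb4',
    'DB_USER_PLACEHOLDER',
    'DB_PASS_PLACEHOLDER',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
    ]
);

// Constructed input: the payload from the answer above, stored verbatim.
insertCommentSafe($pdo, 'some title', "some comment');DELETE FROM COMMENTS;--");
$row = findCommentByTitle($pdo, 'some title');
echo htmlspecialchars($row['Comment'] ?? '', ENT_QUOTES, 'UTF-8'), PHP_EOL;
```

With real prepares enabled, the stored comment is exactly the payload string, and the Comments table is untouched by it.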