I am having some trouble here. I am building a search engine for my social debating platform, where all the user content (except sensitive data) is encoded in base64, for security purposes. While building the search engine I stumbled upon an issue; I couldn't search the user content if it was all stored in base64, obviously. Then I stumbled upon an answer here that stated that using FROM_BASE64 on the SQL query would decode and then process it. As a person who is extremely paranoid about security, my first concern was: does that function protect against any SQL Injection attacks when processing the data? Or would I need to when posting the content real_escape and then do base64 to use the function securely?
1条回答 默认 最新
douyuai8994 2014-07-09 19:42关注short answer : as long as you dont put HTTP-data into the FROM_BASE64-query there is no need to use base64 AT ALL - but using it does no harm. If you want to put ESCAPED http-data into it you also want to check for SQL-patterns, ... many languages have certain DBM-escapement functions / libraries, you're advised to use them
NEVER feed http-data directly into DB-functions of ANY kind without escaping it.
本回答被题主选为最佳回答 , 对您是否有帮助呢?解决 无用评论 打赏举报
分享
- 2014-07-09 19:23回答 1 已采纳 short answer : as long as you dont put HTTP-data into the FROM_BASE64-query there is no need to us
- 2022-09-11 23:26回答 1 已采纳 三个思路:(1)传base64给后端,由后端来解决解析并下载图片(2)参考这个文章:https://www.pudn.com/news/62849c5febb030486dae8734.html(3)
- 2023-03-16 14:24回答 3 已采纳 该回答引用GPTᴼᴾᴱᴺᴬᴵ如果你将图片转换成base64后存储在MySQL数据库中,可以使用 LONGTEXT 类型的字段来存储数据。BLOB 类型可以存储二进制数据,但是可能会导致性能问题。 在前
- 姓王名礼的博客 【mysql】利用函数md5/ENCRYPT/AES_ENCRYPT/ENCODE/HEX/to_base64给数据库字段加解密(小白指南至简单易用)
- 2018-09-09 07:09回答 3 已采纳 Your problem is actually in your call to sprintf, it is trying to process %n as a conversion speci
- 2013-07-31 18:24回答 2 已采纳 Q If you have a file upload field, is that field vulnerable to sql injection? A yes (sort of. It
- 2022-04-22 13:39回答 1 已采纳 因为你这个json是个列表(以"["开头,以"]"结尾),所以你定位的路径不对,要先取这个列表中的第一个元素,然后再往下找imageUrl。 select JSON_EXTRACT(title_ima
- 2022-04-11 09:31wangli3525486的博客 参考:centos7下使用mysql离线安装包安装mysql5.7 - cctext - 博客园 ...# tar -zxvf mysql-5.7.26-linux-glibc2.12-x86_64.tar.gz -C /usr/local 将解压后的mysql的tar包更改名称为mysql # mv mys
- 2013-08-13 00:22回答 1 已采纳 The collation only makes a difference if you need to ORDER BY or search the column. These base64 e
- 2012-01-19 07:53回答 2 已采纳 That is why storing base64 encoded serialized data in the database is extremely bad idea. You hav
- 2011-10-17 17:05回答 2 已采纳 list 是个字段而已 [code="java"] `list` varchar(255) NOT NULL, [/code] 我给你举这个例子就是说明 in和find_in_set的区别,
- 2023-03-01 09:51岳麓丹枫001的博客 【代码】bytea 与 base64 字符串互相转换。
- 2018-02-13 15:33回答 1 已采纳 Remove data:image/jpeg;base64, from the string before using Base64.decode. Then in your adapter,
- 2021-04-19 03:19Stone Mile的博客 Query OK, 0 rows affected (0.01 sec)/* 导入数据,将id通过md5函数转换为字符串 */mysql> insert into nums_1 select md5(id) from nums;Query OK, 10000000 rows affected (1 min 12.63 sec)Records: 10000000 ...
- 2022-08-12 19:14guo_0423的博客 scala抽取mysql数据到hive
- 没有解决我的问题, 去提问
悬赏问题
- ¥15 装 pytorch 的时候出了好多问题,遇到这种情况怎么处理?
- ¥20 IOS游览器某宝手机网页版自动立即购买JavaScript脚本
- ¥15 手机接入宽带网线,如何释放宽带全部速度
- ¥30 关于#r语言#的问题:如何对R语言中mfgarch包中构建的garch-midas模型进行样本内长期波动率预测和样本外长期波动率预测
- ¥15 ETLCloud 处理json多层级问题
- ¥15 matlab中使用gurobi时报错
- ¥15 这个主板怎么能扩出一两个sata口
- ¥15 不是,这到底错哪儿了😭
- ¥15 2020长安杯与连接网探
- ¥15 关于#matlab#的问题:在模糊控制器中选出线路信息,在simulink中根据线路信息生成速度时间目标曲线(初速度为20m/s,15秒后减为0的速度时间图像)我想问线路信息是什么