I am having some trouble here. I am building a search engine for my social debating platform, where all the user content (except sensitive data) is encoded in base64, for security purposes. While building the search engine I stumbled upon an issue; I couldn't search the user content if it was all stored in base64, obviously. Then I stumbled upon an answer here that stated that using FROM_BASE64 on the SQL query would decode and then process it. As a person who is extremely paranoid about security, my first concern was: does that function protect against any SQL Injection attacks when processing the data? Or would I need to when posting the content real_escape and then do base64 to use the function securely?
1条回答 默认 最新
douyuai8994 2014-07-09 19:42关注short answer : as long as you dont put HTTP-data into the FROM_BASE64-query there is no need to use base64 AT ALL - but using it does no harm. If you want to put ESCAPED http-data into it you also want to check for SQL-patterns, ... many languages have certain DBM-escapement functions / libraries, you're advised to use them
NEVER feed http-data directly into DB-functions of ANY kind without escaping it.
本回答被题主选为最佳回答 , 对您是否有帮助呢?解决 无用评论 打赏举报
分享
- 2014-07-09 19:23回答 1 已采纳 short answer : as long as you dont put HTTP-data into the FROM_BASE64-query there is no need to us
- 2022-09-11 23:26回答 1 已采纳 三个思路:(1)传base64给后端,由后端来解决解析并下载图片(2)参考这个文章:https://www.pudn.com/news/62849c5febb030486dae8734.html(3)
- 2023-03-16 14:24回答 3 已采纳 该回答引用GPTᴼᴾᴱᴺᴬᴵ如果你将图片转换成base64后存储在MySQL数据库中,可以使用 LONGTEXT 类型的字段来存储数据。BLOB 类型可以存储二进制数据,但是可能会导致性能问题。 在前
- 姓王名礼的博客 【mysql】利用函数md5/ENCRYPT/AES_ENCRYPT/ENCODE/HEX/to_base64给数据库字段加解密(小白指南至简单易用)
- 2018-09-09 07:09回答 3 已采纳 Your problem is actually in your call to sprintf, it is trying to process %n as a conversion speci
- 2013-07-31 18:24回答 2 已采纳 Q If you have a file upload field, is that field vulnerable to sql injection? A yes (sort of. It
- 2022-04-22 13:39回答 1 已采纳 因为你这个json是个列表(以"["开头,以"]"结尾),所以你定位的路径不对,要先取这个列表中的第一个元素,然后再往下找imageUrl。 select JSON_EXTRACT(title_ima
- 2022-04-11 09:31wangli3525486的博客 参考:centos7下使用mysql离线安装包安装mysql5.7 - cctext - 博客园 ...# tar -zxvf mysql-5.7.26-linux-glibc2.12-x86_64.tar.gz -C /usr/local 将解压后的mysql的tar包更改名称为mysql # mv mys
- 2013-08-13 00:22回答 1 已采纳 The collation only makes a difference if you need to ORDER BY or search the column. These base64 e
- 2012-01-19 07:53回答 2 已采纳 That is why storing base64 encoded serialized data in the database is extremely bad idea. You hav
- 2011-10-17 17:05回答 2 已采纳 list 是个字段而已 [code="java"] `list` varchar(255) NOT NULL, [/code] 我给你举这个例子就是说明 in和find_in_set的区别,
- 2023-03-01 09:51岳麓丹枫001的博客 【代码】bytea 与 base64 字符串互相转换。
- 2018-02-13 15:33回答 1 已采纳 Remove data:image/jpeg;base64, from the string before using Base64.decode. Then in your adapter,
- 2021-04-19 03:19Stone Mile的博客 Query OK, 0 rows affected (0.01 sec)/* 导入数据,将id通过md5函数转换为字符串 */mysql> insert into nums_1 select md5(id) from nums;Query OK, 10000000 rows affected (1 min 12.63 sec)Records: 10000000 ...
- 2022-08-12 19:14guo_0423的博客 scala抽取mysql数据到hive
- 没有解决我的问题, 去提问
悬赏问题
- ¥15 R语言Rstudio突然无法启动
- ¥15 关于#matlab#的问题:提取2个图像的变量作为另外一个图像像元的移动量,计算新的位置创建新的图像并提取第二个图像的变量到新的图像
- ¥15 改算法,照着压缩包里边,参考其他代码封装的格式 写到main函数里
- ¥15 用windows做服务的同志有吗
- ¥60 求一个简单的网页(标签-安全|关键词-上传)
- ¥35 lstm时间序列共享单车预测,loss值优化,参数优化算法
- ¥15 Python中的request,如何使用ssr节点,通过代理requests网页。本人在泰国,需要用大陆ip才能玩网页游戏,合法合规。
- ¥100 为什么这个恒流源电路不能恒流?
- ¥15 有偿求跨组件数据流路径图
- ¥15 写一个方法checkPerson,入参实体类Person,出参布尔值