I am having some trouble here. I am building a search engine for my social debating platform, where all the user content (except sensitive data) is encoded in base64, for security purposes. While building the search engine I stumbled upon an issue; I couldn't search the user content if it was all stored in base64, obviously. Then I stumbled upon an answer here that stated that using FROM_BASE64 on the SQL query would decode and then process it. As a person who is extremely paranoid about security, my first concern was: does that function protect against any SQL Injection attacks when processing the data? Or would I need to when posting the content real_escape and then do base64 to use the function securely?
1条回答 默认 最新
- douyuai8994 2014-07-09 19:42关注
short answer : as long as you dont put HTTP-data into the FROM_BASE64-query there is no need to use base64 AT ALL - but using it does no harm. If you want to put ESCAPED http-data into it you also want to check for SQL-patterns, ... many languages have certain DBM-escapement functions / libraries, you're advised to use them
NEVER feed http-data directly into DB-functions of ANY kind without escaping it.
本回答被题主选为最佳回答 , 对您是否有帮助呢?解决 无用评论 打赏 举报
悬赏问题
- ¥15 R语言Rstudio突然无法启动
- ¥15 关于#matlab#的问题:提取2个图像的变量作为另外一个图像像元的移动量,计算新的位置创建新的图像并提取第二个图像的变量到新的图像
- ¥15 改算法,照着压缩包里边,参考其他代码封装的格式 写到main函数里
- ¥15 用windows做服务的同志有吗
- ¥60 求一个简单的网页(标签-安全|关键词-上传)
- ¥35 lstm时间序列共享单车预测,loss值优化,参数优化算法
- ¥15 Python中的request,如何使用ssr节点,通过代理requests网页。本人在泰国,需要用大陆ip才能玩网页游戏,合法合规。
- ¥100 为什么这个恒流源电路不能恒流?
- ¥15 有偿求跨组件数据流路径图
- ¥15 写一个方法checkPerson,入参实体类Person,出参布尔值