Analysis of Java interview questions and prevention of SQL injection

  • 2021-01-18 06:29:05
  • OfStack

This article looks at one of the more common Java interview questions: how to recognise and prevent SQL injection. The details are as follows.

SQL injection is currently the most common attack method used by hackers. The principle of SQL injection is that the database parses special characters in data passed from the page to the backend, so the attacker can change the structure of the SQL statement to extend permissions, create high-privilege users, force changes to user profiles, and so on.

So how do you tell whether SQL is being injected?

From the principle of SQL injection we know that the injection arrives through data passed from the page, so the backend should not trust any data passed from the front end, especially integer parameters and parameters containing special characters!

Preventing SQL injection is also fairly straightforward:

1. Check variable data types and formats

Whenever a variable has a fixed format, it should be strictly checked against that format before the SQL statement is executed, to make sure the variable is in the form we expect!

2. Filter special symbols

For variables whose format cannot be fixed, the special symbols must be filtered out or escaped, so that they cannot give the SQL statement a second meaning.

When uploading a picture, the form must declare

enctype="multipart/form-data"

By default a form is encoded as application/x-www-form-urlencoded, which cannot be used for file uploads; only multipart/form-data can transfer file data, which is needed for the operations below.

3. Bind variables and use precompiled statements

In fact, using precompiled statements with bound variables is the best way to prevent SQL injection: the semantics of a precompiled SQL statement do not change with its input. In the SQL statement each variable is represented by a question mark (?), so however capable the hacker is, the structure of the SQL statement cannot be changed, which rules out SQL injection at the root.
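The three measures above (format checks, escaping of special symbols, and a precompiled statement with `?` placeholders) as one added Java example; this is illustration code, not from the original article. The user name pattern, the `users` table, the `!` escape character for `LIKE` and the `Connection` passed in are all assumptions; the `main` method runs the checks without a database, while the JDBC methods need a real `java.sql.Connection`.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

/** Added example: format checks, symbol escaping and a precompiled statement with bound '?' variables. */
public class SafeUserQuery {

    // Assumed business rule: a user name is 3-20 letters, digits or underscores.
    private static final Pattern USERNAME = Pattern.compile("^[A-Za-z0-9_]{3,20}$");

    // Step 1: an integer parameter must really parse as an integer (and here, be positive).
    static int parseUserId(String raw) {
        try {
            int id = Integer.parseInt(raw.trim());
            if (id <= 0) {
                throw new IllegalArgumentException("user id must be positive: " + raw);
            }
            return id;
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("user id is not an integer: " + raw, e);
        }
    }

    // Step 1: a fixed-format string is checked against the whitelist pattern before any SQL runs.
    static String checkUsername(String raw) {
        if (raw == null || !USERNAME.matcher(raw).matches()) {
            throw new IllegalArgumentException("user name has an unexpected format");
        }
        return raw;
    }

    // Step 2: for free text with no fixed format, escape the symbols that are special to LIKE
    // ('%', '_' and the escape character itself) so they match literally.
    static String escapeLike(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            if (c == '!' || c == '%' || c == '_') {
                sb.append('!');
            }
            sb.append(c);
        }
        return sb.toString();
    }

    // The "before": concatenating the raw value lets the value change the statement structure.
    static String vulnerableQuery(String rawName) {
        return "SELECT id, name FROM users WHERE name = '" + rawName + "'";
    }

    // Step 3: the statement is precompiled with a '?' placeholder and the value is bound
    // afterwards, so the database never parses the value as part of the SQL text.
    static String findByName(Connection conn, String rawName) throws SQLException {
        String name = checkUsername(rawName);
        String sql = "SELECT name FROM users WHERE name = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString("name") : null;
            }
        }
    }

    // Steps 2 and 3 together: escaped free text bound into a LIKE pattern.
    static List<String> searchByPrefix(Connection conn, String rawPrefix) throws SQLException {
        String sql = "SELECT name FROM users WHERE name LIKE ? ESCAPE '!'";
        List<String> names = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, escapeLike(rawPrefix) + "%");
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    names.add(rs.getString("name"));
                }
            }
        }
        return names;
    }

    // Runs the checks without a database; the JDBC methods above need a real Connection.
    public static void main(String[] args) {
        String hostile = "alice' OR '1'='1"; // constructed input that would alter a concatenated query
        System.out.println("concatenated: " + vulnerableQuery(hostile));
        try {
            checkUsername(hostile);
        } catch (IllegalArgumentException e) {
            System.out.println("format check rejected it: " + e.getMessage());
        }
        System.out.println("parsed id: " + parseUserId(" 42 "));
        System.out.println("escaped LIKE input: " + escapeLike("50%_off!"));
    }
}
```

The point to take from `findByName` is that the `?` is bound after the statement is compiled, so the value is only ever data; the format check in front of it is a second, independent layer. The `ESCAPE '!'` clause is used rather than a backslash because some databases treat a backslash inside a string literal as their own escape character.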

4. Database information encryption security

Database information does sometimes leak, so passwords and other sensitive information in the database should be encrypted (MD5, etc.); then, even if the information leaks, the damage can be kept within a certain range.

Be careful when using ES73en

1. Do not casually turn on Web server error display in a production environment.

2. Never trust variable input from the client. Variables with a fixed format must be strictly checked against that format.

3. Use precompiled SQL statements with bound variables.

4. Manage database account permissions carefully.

5. Strictly encrypt users' confidential information.

A good program must pay attention to security; otherwise it is only fit for practice.

Conclusion

That is all for the analysis of this Java interview question and the prevention of SQL injection. I hope it is helpful to you. Interested readers can look at other related topics on this site; if anything is missing, please leave a message to point it out. Thank you for your support!
