How to prevent SQL injection attacks in JSP
Last week I built a website for someone and happened to notice that my own work had a lot of vulnerabilities: in a mere 20 seconds I had broken into it myself using SQL injection. So I read up a little on SQL injection, had a few insights, and hope to share them with beginners. Experts, please bear with me!
The general approach of a SQL injection attack:
find the SQL injection point;
determine the server type and the backend database type;
determine what can be executed.
Some attackers generally resort to the injection method. Below I also give my own thoughts on the SQL injection method.
Injection method:
In theory, an authentication page contains a statement of the form:
select * from admin where username='xxx' and password='yyy'. If the necessary character filtering is not done before this statement is actually executed, SQL injection is very easy to carry out.
For example, if you enter abc' or 1=1-- in the username text box and 123 in the password box, the SQL statement becomes:
select * from admin where username='abc' or 1=1-- ' and password='123'. Whatever username and password the user enters, this statement always executes successfully, so the user easily fools the system and obtains a legitimate identity.
Guessing method:
The basic idea is: guess all the database names, guess the name of every table in the database, work out which table probably stores usernames and passwords, guess every column name in that table, and then guess the contents of every record in the table.
There is another way to obtain your database name and the name of every table:
requesting a URL of the form http://www. .cn/news?id=10' and reading your database name and table names out of the resulting error message!
For JSP, we generally adopt the following strategies in response:
1. PreparedStatement
If you are already a developer with a little experience, you should always use PreparedStatement instead of Statement.
Here are a few reasons:
1. Code readability and maintainability.
2. PreparedStatement improves performance as much as possible.
3. Most importantly, it greatly improves security.
To this day some people (myself included) don't even know basic malicious SQL syntax.
String sql = "select * from tb_name where name='" + varname + "' and passwd='" + varpasswd + "'";
If we pass [' or '1'='1] in as name
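The following is an added example (not the post's own code) that puts the concatenated login query above beside the PreparedStatement version the post recommends, and runs both against a small in-memory database so the difference is visible: the concatenated query accepts the ' or '1'='1 payload (passed in both the name and the password field), the prepared one treats it as a literal string. It also covers the error-message point from the id=10' case: the database error text is kept in the server log rather than returned to the caller. Assumptions: the H2 driver (com.h2database:h2) is on the classpath and the jdbc:h2:mem URL, the table tb_name and the admin/s3cret row are all constructed for this demo.

```java
// Added example, not from the original post. Assumes the H2 JDBC driver is on
// the classpath (any JDBC driver would do; only the URL is H2-specific).
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class LoginDemo {

    // The pattern shown in the post: user input concatenated into the SQL text.
    // Kept deliberately vulnerable so the two versions can be compared.
    static boolean loginByConcatenation(Connection conn, String name, String passwd)
            throws SQLException {
        String sql = "select * from tb_name where name='" + name
                   + "' and passwd='" + passwd + "'";
        try (Statement st = conn.createStatement();
             ResultSet rs = st.executeQuery(sql)) {
            return rs.next();   // any matching row counts as a successful login
        }
    }

    // The fix recommended in the post: bind parameters. The SQL text and the
    // values travel separately, so a quote inside 'name' is just a character
    // of the value and can never change the shape of the statement.
    static boolean loginByPreparedStatement(Connection conn, String name, String passwd)
            throws SQLException {
        String sql = "select * from tb_name where name=? and passwd=?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, name);
            ps.setString(2, passwd);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }

    // Error hygiene for the page's "id=10'" case: the caller only ever sees a
    // boolean. If the driver throws (missing table, syntax error, ...), the
    // message, which may name the database or table, stays in the server log.
    static boolean safeLogin(Connection conn, String name, String passwd) {
        try {
            return loginByPreparedStatement(conn, name, passwd);
        } catch (SQLException e) {
            System.err.println("login query failed: " + e.getMessage()); // server side only
            return false;
        }
    }

    public static void main(String[] args) throws SQLException {
        try (Connection conn = DriverManager.getConnection("jdbc:h2:mem:demo")) {
            try (Statement st = conn.createStatement()) {
                // constructed schema and row for the demo
                st.execute("create table tb_name (name varchar(50), passwd varchar(50))");
                st.execute("insert into tb_name values ('admin', 's3cret')");
            }

            String payload = "' or '1'='1";   // the input discussed in the post

            System.out.println("concatenation, payload in both fields: "
                + loginByConcatenation(conn, payload, payload));
            System.out.println("prepared statement, payload in both fields: "
                + loginByPreparedStatement(conn, payload, payload));
            System.out.println("prepared statement, real credentials: "
                + loginByPreparedStatement(conn, "admin", "s3cret"));
            System.out.println("safeLogin with a quote in the name: "
                + safeLogin(conn, "abc'", "123"));
        }
    }
}
```

Compile and run with the H2 jar on the classpath (for example javac LoginDemo.java && java -cp .:h2.jar LoginDemo). With the payload in both fields the concatenated WHERE clause reads name='' or '1'='1' and passwd='' or '1'='1', which is true for every row, while the prepared statement looks for a user literally named ' or '1'='1 and finds none.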