
Do you consider security when designing your query string parameters for a website?

If you have a website page named 'test' that contains the following code:

[ASP.NET]

sCid = Request.QueryString["cid"] as string;   // value read straight from the URL query string

sQry = "SELECT * FROM [MyTable] WHERE id=" + sCid + " ORDER BY id";   // user input concatenated into the SQL text

or [PHP]

$cid = $_GET["cid"];   // value read straight from the URL query string

$qry = 'SELECT * FROM [MyTable] WHERE id=' . $cid . ' ORDER BY id';   // user input concatenated into the SQL text


What do you think the result of executing the query will be if I pass the following in the URL?

/test?cid=1 UNION SELECT NULL FROM INFORMATION_SCHEMA.TABLES

Question added by a deleted user
Published: 2017/04/18
By Ahmad El-Agawy, Senior SharePoint Developer, Ministry Of Islamic Affairs, Endowments, Dawah and Guidance

The logic mentioned is far from secure, because of the SQL injection possibility you referred to. So, my advice is to never use concatenation in SQL queries, e.g. "select * from table where id =" + idVar; because it is so easy to pass in another injected SQL query. Instead you need to use bind variables / stored procedures, e.g. "select * from table where id = @id", after you set the value of the @id parameter.
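To show the difference the answer describes, here is an added example (not from the question or the answer) in Python with an in-memory SQLite database standing in for the site's database; the table, its rows and the payload are constructed, and sqlite_master takes the place of INFORMATION_SCHEMA.TABLES, which SQLite does not have:

```python
import sqlite3


def make_db():
    """Constructed stand-in for the site's database: one table, three ids."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE MyTable (id INTEGER)")
    conn.executemany("INSERT INTO MyTable VALUES (?)", [(1,), (2,), (3,)])
    return conn


def lookup_concatenated(conn, cid):
    """The pattern from the question: the query-string value is glued into the SQL text,
    so whatever the caller sends is parsed as SQL."""
    qry = "SELECT * FROM MyTable WHERE id=" + cid + " ORDER BY id"
    return conn.execute(qry).fetchall()


def lookup_parameterized(conn, cid):
    """The answer's advice: the value is sent as a bind parameter (? here, @id in
    SQL Server), so the query shape is fixed before the value is ever seen."""
    qry = "SELECT * FROM MyTable WHERE id=? ORDER BY id"
    return conn.execute(qry, (cid,)).fetchall()


# Constructed SQLite counterpart of the URL value in the question.
PAYLOAD = "1 UNION SELECT NULL FROM sqlite_master"


def demo():
    conn = make_db()
    honest = lookup_parameterized(conn, "1")        # [(1,)]
    injected = lookup_concatenated(conn, PAYLOAD)   # [(None, ), (1,)]: the UNION ran
    safe = lookup_parameterized(conn, PAYLOAD)      # []: no id equals that string
    return honest, injected, safe


if __name__ == "__main__":
    print(demo())
```

The extra NULL row in the concatenated result is the injected SELECT executing; the parameterized query treats the same text as a value to compare against id and simply matches nothing.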
