🍋
peasy / text
Menu
Tất cả công cụ Hướng dẫn 54 Thuật ngữ 31 Định dạng tệp 131 Trường hợp sử dụng 302 API

Categories

P pdf I image D document T text D developer C css D design V video A audio Q qr S seo S security S social M math G generator
🍋 peasytools.com
Security

SQL Injection

SQL Injection Attack

Inserting malicious SQL code into application queries to access, modify, or delete database data.

Chi tiết kỹ thuật

SQL Injection occurs when user input is concatenated directly into SQL queries. Example: ' OR 1=1 -- turns a login query into 'SELECT * FROM users WHERE password = '' OR 1=1'. The primary defense is parameterized queries (prepared statements) where the database engine separates SQL logic from data values. ORM frameworks (Django ORM, SQLAlchemy, Prisma) generate parameterized queries automatically. Additional defenses: least-privilege database accounts, input validation, and WAF (Web Application Firewall) rules.

Ví dụ

```javascript
// SQL Injection — Web Crypto API example
const data = new TextEncoder().encode('sensitive data');
const hash = await crypto.subtle.digest('SHA-256', data);
const hex = Array.from(new Uint8Array(hash))
  .map(b => b.toString(16).padStart(2, '0')).join('');
```

Định dạng liên quan

.sql

Công cụ liên quan

P Password Generator P Password Strength Checker H Hash Generator H HMAC Generator A AES Encrypt / Decrypt R Random String Generator C CSP Header Generator T Text Redactor C CORS Header Generator S SRI Hash Generator B Base64 Encoder / Decoder G Giải Mã JWT T Tạo UUID T TOTP Configurator S SQL Formatter S SSL Certificate Decoder

Thuật ngữ liên quan

AES Checksum Command Injection Certificate Pinning Argon2 CORS Misconfiguration SQL 2FA Clickjacking