SQL injection attacks

SQL injection is one of the most common ways attackers target a database. When programmers write code that does not check the legitimacy of user input, the application becomes a security risk: a user can submit a piece of database query code and, based on the results the program returns, obtain the data he wants to know. This is known as SQL injection.

An example for reference.

We have an Access system designed to manage inventory and sales. The user enters a user name and password to log in, as shown in the figure.

If we open the code corresponding to the "OK" button, we see the following code.


If IsNull(txt_name) Then
    MsgBox "Please enter your username!", vbCritical, "prompt"
Else
    ' The query text is built by concatenating the raw text box values
    txtSQL = "SELECT * from caretakers where ([user ID]='" & txt_name & "') and ([pin number]='" & Txtpwd & "')"
    Set mrc = ExeSQL(txtSQL)
    If mrc.EOF Then
        ' No matching record: reject the login
        MsgBox "No such user name or incorrect password!", vbCritical, "prompt"
    Else
        Set mrc = Nothing
        Me.Visible = False
        ' Open switch panel
        DoCmd.OpenForm "Switching panel"
    End If
End If


Look at the line that builds the SQL statement. If I enter correct values for the username and password, assuming both are admin, that line becomes:

txtSQL = "SELECT * from caretakers where ([user ID]='admin') and ([pin number]='admin')"

Executing the statement finds the corresponding record in the administrator table, so mrc.EOF is False and the user logs into the system. If the username or password is incorrect, mrc.EOF is True and an error is shown.

Nevertheless, there is something wrong with this piece of code: we can use a SQL injection attack to log into the system directly. For example, I enter "1' OR '1'='1" as both the username and the password, and the SQL statement above becomes:

txtSQL = "SELECT * from caretakers where ([user ID]='1' OR '1'='1') and ([pin number]='1' OR '1'='1')"

Can you see the problem? Look at the two conditions in parentheses: ([user ID]='1' OR '1'='1') is always true, and ([pin number]='1' OR '1'='1') is always true. The query therefore returns records, mrc.EOF is False, and the system decides I am a legitimate user. I can now log into the system normally.
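The same login check with the two text box values bound as query parameters, so that input such as 1' OR '1'='1 is compared as a literal string and never parsed as SQL. This is an added example, not code from the original article; it assumes the caretakers table is reachable through DAO's CurrentDb, and CheckLogin, cmdOK_Click, pName and pPwd are hypothetical names.

```vba
' Added example, not the article's code. Assumptions: the caretakers table is
' in (or linked into) the current database; CheckLogin, cmdOK_Click, pName and
' pPwd are hypothetical names introduced for illustration.
Private Function CheckLogin(ByVal userName As String, ByVal pwd As String) As Boolean
    Dim qdf As DAO.QueryDef
    Dim rs As DAO.Recordset

    ' An empty name creates a temporary QueryDef that is not saved.
    ' The SQL text is a constant: no user input is concatenated into it.
    Set qdf = CurrentDb.CreateQueryDef("", _
        "PARAMETERS pName Text(255), pPwd Text(255); " & _
        "SELECT * from caretakers " & _
        "where ([user ID]=[pName]) and ([pin number]=[pPwd])")

    ' The values travel separately from the statement, so quotes and OR
    ' inside them are data, not SQL syntax.
    qdf.Parameters("pName").Value = userName
    qdf.Parameters("pPwd").Value = pwd

    Set rs = qdf.OpenRecordset(dbOpenSnapshot)
    CheckLogin = Not rs.EOF   ' True only when a record matches both values

    rs.Close
    qdf.Close
    Set rs = Nothing
    Set qdf = Nothing
End Function

Private Sub cmdOK_Click()
    If IsNull(txt_name) Then
        MsgBox "Please enter your username!", vbCritical, "prompt"
    ElseIf CheckLogin(Nz(txt_name, ""), Nz(Txtpwd, "")) Then
        Me.Visible = False
        ' Open switch panel
        DoCmd.OpenForm "Switching panel"
    Else
        ' Entering 1' OR '1'='1 in both boxes ends up here: no record has
        ' that literal text as its user ID and pin number.
        MsgBox "No such user name or incorrect password!", vbCritical, "prompt"
    End If
End Sub
```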

If you still don't understand after reading the above, we will demonstrate and analyze examples for you in the next lesson.
