Side 4: SQL filter?

"Not only the quotation marks, but also any keywords that could be used in DON'T TRY TO USE ILLICIT WORDS!! need to be filtered out."
"To avoid DON'T TRY TO USE ILLICIT WORDS!! injection, keywords like DON'T TRY TO USE ILLICIT WORDS!! and DON'T TRY TO USE ILLICIT WORDS!! also need to be filtered."
"So do DON'T TRY TO USE ILLICIT WORDS!!, DON'T TRY TO USE ILLICIT WORDS!!, and DON'T TRY TO USE ILLICIT WORDS!!"
"Let me add to the list for everyone:
DON'T TRY TO USE ILLICIT WORDS!!
DON'T TRY TO USE ILLICIT WORDS!!
DON'T TRY TO USE ILLICIT WORDS!!
DON'T TRY TO USE ILLICIT WORDS!!
DON'T TRY TO USE ILLICIT WORDS!!
DON'T TRY TO USE ILLICIT WORDS!!
DON'T TRY TO USE ILLICIT WORDS!!
DON'T TRY TO USE ILLICIT WORDS!!
DON'T TRY TO USE ILLICIT WORDS!!
DON'T TRY TO USE ILLICIT WORDS!!
DON'T TRY TO USE ILLICIT WORDS!!
DON'T TRY TO USE ILLICIT WORDS!! this one may be needed in some places, so filter it or not as you see fit
DON'T TRY TO USE ILLICIT WORDS!!
DON'T TRY TO USE ILLICIT WORDS!!
DON'T TRY TO USE ILLICIT WORDS!!
DON'T TRY TO USE ILLICIT WORDS!!"


Right, right. In fact, we recommend using parameterized queries in ADO...
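
As an added example (not from the original post, and using Python's sqlite3 as a stand-in for ADO, whose parameter binding works on the same principle): the keyword filter mocked above, next to a parameterized insert. The keyword list, table name and sample posts are constructed, since the page's own list is censored.

```python
import re
import sqlite3

NOTICE = "DON'T TRY TO USE ILLICIT WORDS!!"  # replacement text seen on the page
# Constructed keyword list: the page's own list is censored, so this one is assumed.
BLACKLIST = ["select", "insert", "update", "delete", "drop", "union", "script", "'"]
_PATTERN = re.compile("|".join(re.escape(w) for w in BLACKLIST), re.IGNORECASE)


def keyword_filter(text):
    """Blacklist approach: overwrite every listed keyword with the notice."""
    return _PATTERN.sub(NOTICE, text)


def store_parameterized(conn, body):
    """Bind the post as a parameter; the text is passed as data, never parsed as SQL."""
    cur = conn.execute("INSERT INTO posts (body) VALUES (?)", (body,))
    conn.commit()
    return cur.lastrowid


def load_post(conn, post_id):
    row = conn.execute("SELECT body FROM posts WHERE id = ?", (post_id,)).fetchone()
    return row[0] if row else None


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT)")
    # Constructed forum posts: ordinary advice, and a string full of SQL syntax.
    advice = "To stop script injection, don't filter 'select' or 'drop'; bind parameters."
    tricky = "O'Reilly'); DROP TABLE posts; --"
    filtered = keyword_filter(advice)  # what the filtered forum would display
    ids = [store_parameterized(conn, p) for p in (advice, tricky)]
    stored = [load_post(conn, i) for i in ids]
    count = conn.execute("SELECT COUNT(*) FROM posts").fetchone()[0]
    return filtered, stored, count, (advice, tricky)


if __name__ == "__main__":
    filtered, stored, count, _ = demo()
    print("filtered:", filtered)
    print("stored  :", stored, "rows:", count)
```

The filtered post comes out as unreadable as the quotes above, while the bound parameters are stored and read back byte for byte with the table intact.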

But I am really curious: how would those n00bs feel when they find that they can't even explain their opinion on their own site?




And also... FAC UR FAXING "ILLICIT" CRAP!!
Author:优雅的神棍 / Elegant Tales