Sarras322   16:15 2015.03.07

Parameter error: requirement for digital type.

SQL injection: this appears after appending "and 1=1". Does it mean that anti-injection has been done?

7 answers

Caozhy   Ds   Rxr 18:29 2015.03.07

Not only that: when splicing SQL, adding "and 1=1" will not change the results of the query, and it avoids the case where the condition is empty.

Zhou1986lin   17:38 2015.03.07

Anti-injection generally deals with SQL keywords and symbols.

Yk19851111   18:03 2015.06.07

This is done in order to splice SQL.

Heandme   15:45 2015.07.15

"where 1 = 1" is always true, so this clause will not affect the results; it is only there to make it easier to splice on SQL such as "and xxx=aaa". In a multi-condition query there may be no condition at all, or there may be many, so the where filtering is uncertain. If the query has no conditions, the SQL statement ends with "where 1=1", which does not affect it; if there are many conditions, they are spliced on directly.

Heandme   15:46 2015.07.15

There is a problem with this editor: the words keep ending up out of place!!!!

Isaboy   20:37 2015.09.07

Personally, I feel that there is no anti-SQL-injection processing. "Parameter error: requirements for digital type." indicates that the SQL statement should have been executed. If SQL injection were being prevented, the filter should return directly on "and 1 = 1" and keywords, and not execute the SQL.
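The "where 1=1" splicing described in the answers above, written with bound parameters and a numeric type check. This is an added example, not code from the thread; the users table, the column allow-list, the helper names and the error text are assumptions made for illustration.

```python
import re
import sqlite3

# Hypothetical allow-list: filterable columns and the type each one must have.
ALLOWED = {"id": int, "name": str}

def build_query(filters):
    """Splice optional conditions onto WHERE 1=1; values travel only as parameters."""
    sql, params = "SELECT id, name FROM users WHERE 1=1", []
    for column, value in filters.items():
        if column not in ALLOWED:
            raise ValueError("unknown filter: " + column)
        if ALLOWED[column] is int:
            # Type check before any SQL is run: ASCII digits only.
            if not re.fullmatch(r"-?[0-9]+", str(value)):
                raise ValueError("parameter error: numeric type required")
            value = int(value)
        # Only allow-listed column names are concatenated, never user values.
        sql += " AND " + column + " = ?"
        params.append(value)
    return sql + " ORDER BY id", params

def search(conn, filters):
    sql, params = build_query(filters)
    return conn.execute(sql, params).fetchall()

def make_db():
    """Constructed sample data in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [(1, "alice"), (2, "bob")])
    return conn

if __name__ == "__main__":
    conn = make_db()
    print(search(conn, {}))                         # no conditions: WHERE 1=1 alone
    print(search(conn, {"id": "2"}))                # one condition spliced on
    print(search(conn, {"name": "alice and 1=1"}))  # bound as data, matches nothing
    try:
        search(conn, {"id": "1 and 1=1"})
    except ValueError as err:
        print(err)                                  # rejected before SQL runs
```

With no filters the statement is still valid because of the "where 1=1" stub, and a non-numeric id is refused by the type check without the statement ever being executed.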
