From a905d895b043eea4ebdf05e9775e0567378cc148 Mon Sep 17 00:00:00 2001
From: gong <3218757026@qq.com>
Date: 星期二, 29 十月 2024 15:16:31 +0800
Subject: [PATCH] Merge branch 'master' of ssh://115.28.86.8:29418/~admin/昆仑_1025

---
 Server/王琨元/document/防注入.txt |   94 +++++++++++++++++++++++++++++++++--------------
 1 files changed, 66 insertions(+), 28 deletions(-)

diff --git "a/Server/\347\216\213\347\220\250\345\205\203/document/\351\230\262\346\263\250\345\205\245.txt" "b/Server/\347\216\213\347\220\250\345\205\203/document/\351\230\262\346\263\250\345\205\245.txt"
index 09b9217..19a2f6c 100644
--- "a/Server/\347\216\213\347\220\250\345\205\203/document/\351\230\262\346\263\250\345\205\245.txt"
+++ "b/Server/\347\216\213\347\220\250\345\205\203/document/\351\230\262\346\263\250\345\205\245.txt"
@@ -1,29 +1,67 @@
-https://blog.csdn.net/qq_28245087/article/details/131453274
-1 .浣跨敤鍙傛暟鍖栨煡璇�
-浣跨敤鍙傛暟鍖栨煡璇㈠彲浠ラ槻姝QL娉ㄥ叆鏀诲嚮锛屽苟鎻愰珮浠g爜鐨勫彲璇绘�у拰鍙淮鎶ゆ�с�傚湪Java涓紝鍙互浣跨敤PreparedStatement鏉ュ疄鐜板弬鏁板寲鏌ヨ銆�
-2. 杈撳叆楠岃瘉鍜岃繃婊�
-杈撳叆楠岃瘉鍜岃繃婊ゆ槸涓�绉嶇敤浜庣‘淇濈敤鎴疯緭鍏ユ暟鎹殑瀹夊叏鎬у拰鏈夋晥鎬х殑鎶�鏈�傚畠鍙互闃叉鎭舵剰杈撳叆鍜岄敊璇暟鎹鑷寸殑瀹夊叏婕忔礊鍜屽簲鐢ㄧ▼搴忛敊璇��
-3. 浣跨敤瀛樺偍杩囩▼
-瀛樺偍杩囩▼鏄竴缁勯瀹氫箟鐨凷QL璇彞闆嗗悎锛屽彲浠ュ湪鏁版嵁搴撲腑杩涜閲嶅鎬у拰澶嶆潅鎬х殑鎿嶄綔銆傚畠浠彲浠ユ帴鍙楀弬鏁帮紝骞朵笖鍙互鍦ㄦ暟鎹簱涓繘琛岄噸澶嶄娇鐢ㄣ��
-4.鏈�灏忔潈闄愬師鍒�
-鏈�灏忔潈闄愬師鍒欐槸涓�绉嶅畨鍏ㄦ�у師鍒欙紝鎸囩殑鏄负浜嗕繚鎶ゆ晱鎰熸暟鎹拰绯荤粺璧勬簮锛岀敤鎴峰簲璇ヨ鎺堜簣鏈�灏忓繀闇�鐨勬潈闄愩�傝繖鎰忓懗鐫�鐢ㄦ埛鍙兘璁块棶鍜屾墽琛屼粬浠伐浣滄墍闇�鐨勬暟鎹簱瀵硅薄鍜屾搷浣滐紝鑰屼笉鏄嫢鏈夊鏁翠釜鏁版嵁搴撶殑瀹屽叏璁块棶鏉冮檺銆�
-浣跨敤鏈�灏忔潈闄愬師鍒欏彲浠ュ噺灏戞綔鍦ㄧ殑瀹夊叏椋庨櫓鍜屾暟鎹硠闇茬殑鍙兘鎬с�傞�氳繃闄愬埗鐢ㄦ埛鐨勬潈闄愶紝鍙互闃叉浠栦滑瀵规暟鎹簱涓殑鏁忔劅鏁版嵁杩涜鏈粡鎺堟潈鐨勮闂�佷慨鏀规垨鍒犻櫎銆�
-5. 浣跨敤ORM妗嗘灦
-ORM锛堝璞″叧绯绘槧灏勶級妗嗘灦鏄竴绉嶅皢瀵硅薄妯″瀷鍜屽叧绯绘暟鎹簱涔嬮棿杩涜鏄犲皠鐨勬妧鏈�傚畠鍏佽寮�鍙戜汉鍛樹娇鐢ㄩ潰鍚戝璞$殑鏂瑰紡鎿嶄綔鏁版嵁搴擄紝鑰屼笉闇�瑕佺紪鍐欑箒鐞愮殑SQL璇彞銆侽RM妗嗘灦灏嗘暟鎹簱琛ㄦ槧灏勪负瀵硅薄锛屽皢琛ㄧ殑琛屾槧灏勪负瀵硅薄鐨勫睘鎬э紝灏嗚〃涔嬮棿鐨勫叧绯绘槧灏勪负瀵硅薄涔嬮棿鐨勫叧鑱斻��
-ORM妗嗘灦鐨勪紭鐐瑰寘鎷彁楂樺紑鍙戞晥鐜囥�佸噺灏戜唬鐮侀噺銆佺畝鍖栨暟鎹簱鎿嶄綔銆佹彁渚涘璞$骇鍒殑鏌ヨ鍜屾寔涔呭寲绛夈��
-6. 浣跨敤鍑嗗璇彞
-鍑嗗璇彞锛圥repared Statement锛夋槸涓�绉嶉缂栬瘧鐨凷QL璇彞锛屽畠鍏佽寮�鍙戜汉鍛樺皢鍙傛暟鍖栨煡璇㈠彂閫佸埌鏁版嵁搴擄紝骞跺湪鎵ц鏃舵彁渚涘弬鏁板�笺�傚噯澶囪鍙ュ彲浠ユ彁楂樻暟鎹簱鎿嶄綔鐨勬�ц兘鍜屽畨鍏ㄦ�э紝鍚屾椂杩樿兘闃叉SQL娉ㄥ叆鏀诲嚮銆�
-7.浣跨敤瀹夊叏鐨勬暟鎹簱杩炴帴
-浣跨敤瀹夊叏鐨勬暟鎹簱杩炴帴鏄潪甯搁噸瑕佺殑锛屽彲浠ヤ繚鎶ゆ暟鎹簱鍏嶅彈鎭舵剰鏀诲嚮鍜屾暟鎹硠闇层��
-浣跨敤SSL/TLS鍔犲瘑锛氶�氳繃浣跨敤SSL/TLS鍔犲瘑锛屽彲浠ョ‘淇濇暟鎹簱杩炴帴鍦ㄤ紶杈撹繃绋嬩腑鐨勬暟鎹畨鍏ㄣ��
-8.閬垮厤鍔ㄦ�佹嫾鎺QL璇彞
-閬垮厤鍔ㄦ�佹嫾鎺QL璇彞鏄负浜嗛槻姝QL娉ㄥ叆鏀诲嚮鍜屾彁楂樹唬鐮佺殑鍙鎬у拰鍙淮鎶ゆ�с��
-9.浣跨敤闃茬伀澧欏拰鍏ヤ镜妫�娴嬬郴缁�
-浣跨敤闃茬伀澧欏拰鍏ヤ镜妫�娴嬬郴缁熸槸涓轰簡淇濇姢璁$畻鏈虹綉缁滃厤鍙楁湭缁忔巿鏉冪殑璁块棶鍜屾伓鎰忔敾鍑汇��
-10.瀹氭湡鏇存柊鍜岀淮鎶ゆ暟鎹簱杞欢
-瀹氭湡鏇存柊鍜岀淮鎶ゆ暟鎹簱杞欢鏄潪甯搁噸瑕佺殑锛屼互纭繚鏁版嵁搴撶殑瀹夊叏鎬с�佹�ц兘鍜屽姛鑳界殑绋冲畾鎬с�備互涓嬫槸涓�浜涜鏄庡拰瑙i噴锛屼互鍙婁娇鐢↗ava浠g爜绀轰緥鏉ュ疄鐜版暟鎹簱杞欢鐨勫畾鏈熸洿鏂板拰缁存姢锛�
+#include <iostream>
+#include <mysql_driver.h>
+#include <mysql_connection.h>
+#include <cppconn/statement.h>
+#include <cppconn/prepared_statement.h>
+#include <cppconn/resultset.h>
+#include <string>
+#include <regex>
 
-瀹氭湡鏇存柊锛�
-瀹氭湡鏇存柊鏁版嵁搴撹蒋浠舵槸涓轰簡鑾峰彇鏈�鏂扮殑瀹夊叏琛ヤ竵銆佸姛鑳芥敼杩涘拰鎬ц兘浼樺寲銆傛暟鎹簱渚涘簲鍟嗛�氬父浼氬彂甯冩洿鏂扮増鏈紝浠ヤ慨澶嶅凡鐭ョ殑婕忔礊鍜岄棶棰樸�傛洿鏂版暟鎹簱杞欢鍙互鎻愰珮鏁版嵁搴撶殑瀹夊叏鎬э紝骞剁‘淇濇暟鎹簱涓庢渶鏂扮殑鎶�鏈拰鏍囧噯淇濇寔涓�鑷淬��
-缁存姢浠诲姟锛�
-鏁版嵁搴撹蒋浠剁殑缁存姢浠诲姟鍖呮嫭澶囦唤鍜屾仮澶嶃�佺储寮曚紭鍖栥�佺粺璁′俊鎭洿鏂般�佺┖闂寸鐞嗐�佹棩蹇楃鐞嗙瓑銆傝繖浜涗换鍔℃湁鍔╀簬鎻愰珮鏁版嵁搴撶殑鎬ц兘銆佸彲鐢ㄦ�у拰鍙潬鎬с��
+class DatabaseUtils {
+public:
+    // 杩炴帴鏁版嵁搴�
+    static sql::Connection* connect() {
+        try {
+            sql::mysql::MySQL_Driver* driver = sql::mysql::get_mysql_driver_instance();
+            sql::Connection* con = driver->connect("tcp://127.0.0.1:3306", "mayi", "123456");
+            con->setSchema("your_database");
+            return con;
+        } catch (sql::SQLException& e) {
+            std::cerr << "鏁版嵁搴撹繛鎺ラ敊璇�: " << e.what() << std::endl;
+            return nullptr;
+        }
+    }
+
+    // 妫�鏌QL璇彞鏄惁瀛樺湪娼滃湪娉ㄥ叆椋庨櫓锛堢畝鍗曟鍒欐牎楠岋級
+    static bool isSafeSQL(const std::string& sql) {
+        // 绠�鍗曠殑姝e垯琛ㄨ揪寮忥紝闃叉甯歌鐨勬敞鍏ュ叧閿瘝
+        std::regex injectionRegex("(drop|delete|update|insert|select\\s+\\*\\s+from)", std::regex_constants::icase);
+        return!std::regex_search(sql, injectionRegex);
+    }
+
+    // 浣跨敤鍙傛暟鍖栨煡璇㈡墽琛孲QL璇彞
+    static sql::ResultSet* executeSafeQuery(sql::Connection* con, const std::string& sql, const std::vector<std::string>& params) {
+        try {
+            sql::PreparedStatement* pstmt = con->prepareStatement(sql);
+            for (size_t i = 0; i < params.size(); ++i) {
+                pstmt->setString(i + 1, params[i]);
+            }
+            return pstmt->executeQuery();
+        } catch (sql::SQLException& e) {
+            std::cerr << "鏌ヨ鎵ц閿欒: " << e.what() << std::endl;
+            return nullptr;
+        }
+    }
+};
+
+int main() {
+    sql::Connection* con = DatabaseUtils::connect();
+    if (con) {
+        std::string sql = "SELECT * FROM your_table WHERE column_name =?";
+        std::vector<std::string> params = {"test_value"};
+        if (DatabaseUtils::isSafeSQL(sql)) {
+            sql::ResultSet* res = DatabaseUtils::executeSafeQuery(con, sql, params);
+            if (res) {
+                while (res->next()) {
+                    // 澶勭悊缁撴灉
+                    std::cout << res->getString(1) << std::endl;
+                }
+                delete res;
+            }
+        } else {
+            std::cerr << "娼滃湪鐨凷QL娉ㄥ叆椋庨櫓" << std::endl;
+        }
+        delete con;
+    }
+    return 0;
+}
\ No newline at end of file
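Review bot: `isSafeSQL` rejects the program's own query — the alternative `select\s+\*\s+from` in the regex on L70 matches `SELECT * FROM your_table WHERE column_name =?` case-insensitively, so `main` always takes the `else` branch and `executeSafeQuery` is never reached. A keyword deny-list over the SQL template is also not an injection control: the template is a developer-written literal, and the protection in this listing is the `prepareStatement`/`setString` binding in `executeSafeQuery`, so I would drop the regex gate or keep it only as a lint on the template with a comment such as `// Bound parameters (setString) are what prevents injection; this regex only flags suspicious templates.` `executeSafeQuery` never frees `pstmt`, so every call leaks a statement; whether it can be held in a `std::unique_ptr<sql::PreparedStatement>` inside the function or must outlive the returned `sql::ResultSet*` depends on the connector's ownership rules, which the comment on L74 should state. `std::vector` is used on L75 and L93 but `<vector>` is not among the includes on L39-L46, so the listing relies on a transitive include; add `#include <vector>`. The connection string and credentials on L58 (`"tcp://127.0.0.1:3306", "mayi", "123456"`) are hard-coded in source and should be read from configuration or the environment rather than committed.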

--
Gitblit v1.8.0