SQL Injection Attack
Summary:
1. Incorrect code:
   string id = Request.Params["id"];
   string sql = "insert into [UserTable]([UserID]) values ('"+id+"')";
   executeSql(sql);
2. When the following URL is requested, the data in UserTable is wiped:
   http://localhost:14288/Default.aspx?id=wert') delete from [UserTable] --
3. Do a simple replacement:
   string id = Request.Params["
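The same insert written as a parameterized command, as an added example that is not code from the original post. It assumes SQL Server accessed through System.Data.SqlClient; the InsertUser helper, the connectionString argument and the 50-character NVARCHAR size for [UserID] are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class UserTableWriter
{
    // Hypothetical helper. connectionString and the NVARCHAR(50) size of
    // [UserID] are assumptions; adjust them to the real schema.
    public static int InsertUser(string connectionString, string id)
    {
        // Reject missing or oversized input before touching the database.
        if (string.IsNullOrEmpty(id) || id.Length > 50)
            throw new ArgumentException("id must be 1-50 characters", nameof(id));

        // The SQL text is a constant. The request value is never concatenated
        // into it; it is sent separately as the @id parameter.
        const string sql = "INSERT INTO [UserTable]([UserID]) VALUES (@id)";

        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Typed, length-bounded parameter: quotes, parentheses and "--"
            // inside id are stored as data and never parsed as SQL.
            cmd.Parameters.Add("@id", SqlDbType.NVarChar, 50).Value = id;

            conn.Open();
            return cmd.ExecuteNonQuery(); // rows inserted
        }
    }
}
```

Called with the id value from step 2, this stores the whole string as a single UserID value and the delete statement never executes.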