Preventing SQL injection in Lua and Java

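Lua example

-- ngx.quote_sql_str escapes each value and wraps it in single quotes,
-- so the %s placeholders in the template are left unquoted.
local sql = "SELECT * FROM t_base_person WHERE person_id=%s and bureau_id=%s"
sql = string.format(sql, ngx.quote_sql_str(person_id), ngx.quote_sql_str(bureau_id))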
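What the quoting step in the Lua sample changes, plus a type check before it, as an added example that is not part of the original post. The names `sql_literal`, `build_person_query` and the `ESC` stand-in for `ngx.quote_sql_str` (used only when the script runs outside OpenResty) are assumptions; the type check covers the table and boolean values that `ngx.req.get_uri_args` can return.

```lua
-- Added example (not from the original post). Runs under plain Lua or LuaJIT.
-- Inside OpenResty the real ngx.quote_sql_str is used; elsewhere a simplified
-- stand-in with MySQL-style escaping is substituted (assumption, for demo only).
local ESC = { ["\0"] = "\\0", ["\b"] = "\\b", ["\n"] = "\\n", ["\r"] = "\\r",
              ["\t"] = "\\t", ["\26"] = "\\Z", ["\\"] = "\\\\",
              ["'"] = "\\'", ['"'] = '\\"' }
local quote = (ngx and ngx.quote_sql_str) or function(s)
  return "'" .. (s:gsub(".", ESC)) .. "'"
end

local TEMPLATE = "SELECT * FROM t_base_person WHERE person_id=%s and bureau_id=%s"

-- Hypothetical helper: accept only plain strings or numbers. Request-argument
-- parsers can hand back a table (repeated parameter) or true (no value).
local function sql_literal(name, value)
  if type(value) == "number" then value = tostring(value) end
  if type(value) ~= "string" then
    return nil, "parameter " .. name .. " must be a single string value"
  end
  return quote(value)
end

-- Hypothetical helper: build the query from the page's template, or return
-- nil plus an error message when an argument has the wrong shape.
local function build_person_query(args)
  local pid, err = sql_literal("person_id", args.person_id)
  if not pid then return nil, err end
  local bid, err2 = sql_literal("bureau_id", args.bureau_id)
  if not bid then return nil, err2 end
  return string.format(TEMPLATE, pid, bid)
end

-- Constructed inputs, for illustration only.
local tricky = { person_id = "1 OR 1=1", bureau_id = "O'Brien" }
-- Without quoting, the values become part of the SQL text itself:
print(string.format(TEMPLATE, tricky.person_id, tricky.bureau_id))
-- With quoting, each value stays a single string literal:
print(build_person_query(tricky))
-- A repeated parameter (table) and a missing parameter (nil) are rejected:
print(build_person_query({ person_id = { "1", "2" }, bureau_id = "7" }))
print(build_person_query({ bureau_id = "7" }))
```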

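Java example

// The ? placeholders are bound as parameters by Db.find;
// the values are never concatenated into the SQL text.
String sql = "select * from t_base_person where person_id=? and bureau_id=? limit 10";
List<Record> list = Db.find(sql, person_id, bureau_id);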

 

posted @ 2018-10-23 13:52  缤纷世界