
All translations

Found 2 translations.

Name | Current message text
English (en)
==Constructing SQL queries==
One of the most common forms of attack on web applications is SQL injection, where the aim of the attacker is to change a database query by exploiting a poorly filtered input variable.  Injecting modified SQL statements into the database can damage data or reveal private information.  It is important to ensure that when SQL statements are constructed, they are correctly escaped and quoted so that bad input data cannot result in a bad SQL statement. You cannot rely on the [[Retrieving_request_data_using_JInput|JInput]] methods to do this as they are not SQL-aware.
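Chinese (Taiwan) (zh-tw)
==Carefully constructing SQL queries==
SQL injection is one of the common types of website attack: the attacker targets a database whose input values are poorly controlled and modifies the syntax of database requests in order to damage the database. The attack can result in database content being destroyed or private data being leaked. It is therefore important to ensure that when SQL statements are sent, they are correctly escaped and quoted, so that malicious input cannot form a malicious SQL statement. You cannot rely on the [[Retrieving_request_data_using_JInput|JInput]] methods to do this, because they are not SQL-aware.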