CodePudding user response:
Injection is a kind of operation. For example, take a normal statement such as:
Select * from TB where a='test'
By some means, someone deforms your normal statement so that it becomes:
Select * from TB where a=' '; Select * from the users where name<> Test ' '
In general, this is caused by stitching page parameters into the statement: because the validation is not strict, others can forge the parameters and in this way change the normal statement. This is called injection.
CodePudding user response:
A normal add statement is not injection. Injection is commonly caused by stitching the SQL string together: when the content of parameters coming in from outside is joined into it, that external data can be written as executable SQL statements, which leads our project to fail.
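The stitching described in both answers, next to the bound-parameter form, as an added example that is not part of either answer. It assumes Python's built-in sqlite3 module; the tables, rows, helper names and the FORGED value are constructed for illustration.

```python
import sqlite3

def build_concatenated(value):
    # Vulnerable pattern from the answers above: the parameter is stitched
    # straight into the SQL text, so a quote in it can end the literal.
    return "Select * from TB where a='" + value + "'"

def count_statements(sql):
    # Count complete statements, ignoring ';' that sits inside a string literal.
    count, buf = 0, ""
    for piece in sql.split(";"):
        buf += piece + ";"
        if sqlite3.complete_statement(buf):
            if buf.strip("; \t\n"):
                count += 1
            buf = ""
    return count

def lookup_parameterized(conn, value):
    # Hardened form: the SQL text is fixed and the value is bound as data.
    return conn.execute("Select * from TB where a=?", (value,)).fetchall()

def make_db():
    # Constructed sample schema and rows (hypothetical, in-memory only).
    conn = sqlite3.connect(":memory:")
    conn.execute("create table TB (a text)")
    conn.execute("create table users (name text)")
    conn.execute("insert into TB values ('test')")
    conn.execute("insert into users values ('alice')")
    return conn

# Constructed parameter with the shape of the forged input described above.
FORGED = "'; Select * from users where name<>'"

if __name__ == "__main__":
    conn = make_db()
    for value in ("test", FORGED):
        sql = build_concatenated(value)
        print(repr(value))
        print("  concatenated text :", sql)
        print("  statements in text:", count_statements(sql))
        print("  parameterized rows:", lookup_parameterized(conn, value))
```

With the bound parameter the forged value is only compared against column a, so the statement keeps its original shape whatever the caller sends.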