node如何预防sql注入
文章插图
node预防sql注入的方法:1.使用mysql.format()转义参数,例如:var userId = 1;var sql = "SELECT * FROM ?? WHERE ?? = ?";var inserts = ['users', 'id', userId];sql = mysql.format(sql, inserts); // SELECT * FROM users WHERE id = 12.使用connection.query()的查询参数占位符,例如:var userId = 1, name = 'test';var query = connection.query('SELECT * FROM users WHERE id = ?, name = ?', [userId, name], function(err, results) {// ...});console.log(query.sql); // SELECT * FROM users WHERE id = 1, name = 'test'【node如何预防sql注入】或者改写成:var post = {userId: 1, name: 'test'};var query = connection.query('SELECT * FROM users WHERE ?', post, function(err, results) {// ...});console.log(query.sql); // SELECT * FROM users WHERE id = 1, name = 'test'3. 使用escapeId()编码SQL查询标识符,例如:var sorter = 'date';var sql = 'SELECT * FROM posts ORDER BY ' + connection.escapeId(sorter);connection.query(sql, function(err, results) {// ...});4.使用escape()对传入参数进行编码,例如:var userId = 1, name = 'test';var query = connection.query('SELECT * FROM users WHERE id = ' + connection.escape(userId) + ', name = ' + connection.escape(name), function(err, results) {// ...});console.log(query.sql); // SELECT * FROM users WHERE id = 1, name = 'test'
推荐阅读
- 如何卸载云服务器上的iis
- nodejs如何安装redis
- go如何安装redis
- ubuntu18.04如何进入tty环境
- javaweb登录如何预防SQL注入
- 崩坏三如何提升爱酱科技等级 崩坏3怎么提升爱酱科技等级
- mybatis如何防sql注入
- ubuntu如何清空网络地址缓存
- ubuntu如何配置jdk环境变量
- yum如何安装redis