通过这种方式,你可以控制命令创建的方式,一旦命令创建好后,你就可以将额外的属性注入到命令中。
That way, you have control over how commands are created and can inject extra properties into the commands once they are created.
在SQL注入攻击中,程序会创建一个SQL命令,并将其发送给SQL解释器。
In an SQL injection attack, a program creates an SQL command and sends it to an SQL interpreter.
SQL注入这种技术使攻击者可以利用应用程序中未仔细检查的输入机会来执行未经授权的SQL命令,而应用程序的本意是使用该输入来构造动态sql查询。
SQL injection is a technique which enables an attacker to execute unauthorized SQL commands by taking advantage of non-scrutinized input opportunities in applications that build dynamic SQL queries.
应用推荐