2020
09-25
Python SQL injection: an example of filtering illegal characters from a string
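I won't waste words; let's go straight to the code!

# coding: utf8
# During development, data sent from the front end must be validated to prevent
# SQL injection attacks. One approach is to filter illegal characters out of the
# user-supplied input.
def sql_filter(sql, max_length=20):
    dirty_stuff = ["\"", "\\", "/", "*", "'", "=", "-", "#", ";", "<", ">", "+", "%", "$", "(", ")", "%", "@", "!"]
    # Strip every blacklisted character, then truncate to max_length.
    for stuff in dirty_stuff:
        sql = sql.replace(stuff, "")
    return sql[:max_length]

username = "12345678...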
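The following is an added example, not code from the original article. It reproduces the article's blacklist filter and sets it beside bound query parameters, which keep user data out of the SQL text entirely. The in-memory `sqlite3` table, the helper names `store_and_fetch` and `filtered_view`, and the sample usernames are assumptions constructed for the illustration.

```python
import sqlite3

# Same blacklist as the article's sql_filter, reproduced so this block runs alone.
DIRTY = ["\"", "\\", "/", "*", "'", "=", "-", "#", ";", "<", ">", "+", "%", "$", "(", ")", "@", "!"]

def sql_filter(sql, max_length=20):
    for stuff in DIRTY:
        sql = sql.replace(stuff, "")
    return sql[:max_length]

# Constructed sample inputs (not from the article): all are legitimate values.
SAMPLES = ["O'Brien", "ann-marie", "annmarie", "user@example.com"]

def filtered_view(names):
    """What the blacklist filter turns each value into before it reaches the query."""
    return [sql_filter(n) for n in names]

def store_and_fetch(names):
    """Hypothetical helper: insert and look up each name using bound parameters."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)")
    for name in names:
        # The value travels separately from the SQL text, so quotes and other
        # metacharacters are stored as plain data and never parsed as SQL.
        conn.execute("INSERT INTO users (username) VALUES (?)", (name,))
    found = []
    for name in names:
        row = conn.execute(
            "SELECT username FROM users WHERE username = ?", (name,)
        ).fetchone()
        found.append(row[0] if row else None)
    conn.close()
    return found

if __name__ == "__main__":
    for raw, flt in zip(SAMPLES, filtered_view(SAMPLES)):
        # The filter silently rewrites valid data; two distinct names collide.
        print(f"{raw!r:22} filter -> {flt!r}")
    # Bound parameters return every value exactly as submitted.
    print(store_and_fetch(SAMPLES))
```

The filter collapses `ann-marie` and `annmarie` into the same string and drops the apostrophe from `O'Brien`, while the parameterized statements store and match every value unchanged.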