[Security] Prevent SQL injection

@TommyLemon TommyLemon released this 13 May 10:10
· 2169 commits to master since this release

Server:
Replaced createStatement with prepareStatement: the statement is precompiled first and values are then bound with setString;

Prevents SQL injection that might be possible through the get/gets, head/heads, post, put and delete interfaces;

Prevents SQL injection that might be possible through the String-typed parameters in SQLConfig: schema, table, group, having, order, column, values, content and where;

Validates @column, @group, @order and @Schema;

In prepared-statement mode, key{}:"conditions" and @having:"conditions" are disabled;
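As an added example (not APIJSON's own code), the contrast these notes describe: a query built by string concatenation versus one that whitelists identifiers such as column and order and binds the value through prepareStatement/setString, with raw condition keys rejected in prepared mode. SafeQuery, checkIdentifier, rejectRawCondition and the identifier pattern are assumed names, not the project's API.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.regex.Pattern;

/** Illustrative hardened query builder; assumed names, not APIJSON's own code. */
public final class SafeQuery {
    // Identifiers (schema, table, column, order key) cannot be bound as JDBC
    // parameters, so they are checked against a strict whitelist pattern instead.
    private static final Pattern IDENT = Pattern.compile("^[A-Za-z_][A-Za-z0-9_]{0,63}$");

    static String checkIdentifier(String name) {
        if (name == null || !IDENT.matcher(name).matches()) {
            throw new IllegalArgumentException("illegal identifier: " + name);
        }
        return name;
    }

    // key{}:"conditions" and @having:"conditions" carry raw SQL fragments that
    // cannot be parameterised, so prepared mode refuses them outright.
    static void rejectRawCondition(String key) {
        if (key.endsWith("{}") || key.equals("@having")) {
            throw new IllegalArgumentException("raw condition not allowed in prepared mode: " + key);
        }
    }

    /** Before: the value is spliced into the SQL text and run via createStatement. */
    static String unsafeSql(String table, String column, String value) {
        return "SELECT * FROM " + table + " WHERE " + column + " = '" + value + "'";
    }

    /** After: identifiers are whitelisted, the value is bound with setString. */
    static PreparedStatement prepareSelect(Connection conn, String table, String column,
                                           String value, String orderBy) throws SQLException {
        String sql = "SELECT * FROM " + checkIdentifier(table)
                + " WHERE " + checkIdentifier(column) + " = ?"
                + " ORDER BY " + checkIdentifier(orderBy);
        PreparedStatement ps = conn.prepareStatement(sql); // precompiled first
        ps.setString(1, value); // quotes inside value stay data, never SQL
        return ps;
    }
}
```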