如何防止JS注入攻击

本文介绍了如何防止JS注入攻击的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

你好， 我创建了一个简单的表单来按用户提交数据， 我发现有些用户错过了它并插入了60000条记录， 我不确定他如何在不到5分钟的时间内插入这些记录 我的表单在 3.5框架下，并且@page指令具有validaterequest ="true" 任何想法我怎么能提高我的应用程序安全性！

Hello there I created a simple form to submit data by users, i found that some user missed up with it and inserted 60000 record, m not sure how he managed to insert these records in less than 5 min my form is under 3.5 framework , and @page directive has validaterequest="true" any idea how can i increase my application security!!!

推荐答案

不知道您的表单如何工作，很难回答，但是基本规则是:从不连接字符串以形成SQL命令-始终使用参数化查询.我不知道您的工作状况如何，但是在C#中，您将替换为: Without knowing how your form works, it is difficult to answer, but the basic rules are: never ever concatenate strings to form SQL commands - always use parametrized queries. I don''t know how you are doing yours, but in C#, you would replace: SqlCommand cmd = new SqlCommand("INSERT INTO myTable (textColumn) VALUES ('" + myTextBox.Text + "')", con);

与

SqlCommand cmd = new SqlCommand("INSERT INTO myTable (textColumn) VALUES (@TX)", con); cmd.Parameters.AddWithValue("@TX", myTextBox.Text);