Preventing SQL injection in C++ with the OTL, DTL or SOCI libraries

Posted 2024-09-07 04:58:51


I've been looking at all three of these database libraries, and I'm wondering if they do anything to prevent SQL injection. I'm most likely going to be building a lib on top of one of them, and injection is a top concern I have in picking one. Anybody know?


Comments (2)

西瓜 2024-09-14 04:58:51


Got in touch with the author of the OTL library. A parameterized query written in "OTL Dialect," as I'm calling it, will be passed to the underlying DB APIs as a parameterized query. So parameterized queries would be as injection safe as the underlying APIs make them.

Go to this other SO post for his full e-mail explanation:
Is C++ OTL SQL database library using parameterized queries under the hood, or string concat?

Edit: SOCI uses the soci::use expression, which translates to the usual binding mechanism, but with more syntactic sugar. Example: db_session << "insert into table(column) values(:value_placeholder)", use(user_input,"value_placeholder");

As far as DTL is concerned, I'm not sure what it does with parameters in relation to the underlying APIs.

枕头说它不想醒 2024-09-14 04:58:51


Generally a library at this level should just do what you tell it to. You mostly prevent SQL injection by looking at strings you're provided by the user, and only passing things on to the library after you've sanitized them.
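The two answers above differ on where the protection lives: the first relies on the driver's bind mechanism (the `:placeholder` / `use()` style SOCI uses), the second on sanitizing input before it reaches the library. The added example below is not code from either answer, from SOCI, OTL or DTL; it is a small stand-in model of a bound statement (`BoundQuery`, `prepareInsert`, `placeholdersBound` are invented names) that makes the difference concrete: with binding, the SQL text is a constant and the user's value travels separately, so an input such as `O'Brien` cannot change the statement's structure, whereas naive concatenation produces a differently shaped statement for every input. The `placeholdersBound` check is the kind of sanity check a wrapper library built on top of one of these libraries should run before handing a statement to the driver.

```cpp
#include <cassert>
#include <cstddef>
#include <regex>
#include <string>
#include <utility>
#include <vector>

// Stand-in for a bound statement (NOT the SOCI/OTL/DTL API): fixed SQL text
// with ":name" placeholders, plus the values handed to the driver separately.
struct BoundQuery {
    std::string text;                                        // constant SQL, never spliced with input
    std::vector<std::pair<std::string, std::string>> params; // placeholder name -> bound value
};

// Parameterized form: the statement text does not depend on userInput at all;
// the value only ever appears in the params list, so it stays data.
BoundQuery prepareInsert(const std::string& userInput) {
    return BoundQuery{
        "insert into table(column) values(:value_placeholder)",
        {{"value_placeholder", userInput}}};
}

// Naive concatenation, shown for contrast: the input becomes part of the SQL text.
std::string concatInsert(const std::string& userInput) {
    return "insert into table(column) values('" + userInput + "')";
}

// True when the single quotes in the text pair up. An odd count means the
// input has ended (or started) a string literal, i.e. the statement's
// structure now depends on the input rather than on the programmer.
bool quotesBalanced(const std::string& sql) {
    std::size_t n = 0;
    for (char c : sql) {
        if (c == '\'') ++n;
    }
    return n % 2 == 0;
}

// Checks that every ":name" placeholder in the text has a bound value and that
// no bound value is left unused. Caveat: this simple scan does not skip string
// literals or "::" casts, so it is a sanity check for simple statements only.
bool placeholdersBound(const BoundQuery& q) {
    static const std::regex placeholder(":([A-Za-z_][A-Za-z0-9_]*)");
    std::vector<std::string> names;
    for (auto it = std::sregex_iterator(q.text.begin(), q.text.end(), placeholder);
         it != std::sregex_iterator(); ++it) {
        names.push_back((*it)[1].str());
    }
    if (names.size() != q.params.size()) return false;
    for (const auto& name : names) {
        bool found = false;
        for (const auto& p : q.params) {
            if (p.first == name) found = true;
        }
        if (!found) return false;
    }
    return true;
}

int main() {
    // Constructed inputs: a plain value and one containing a single quote.
    const std::string plain = "alice";
    const std::string quoted = "O'Brien";

    // Bound statement text is identical for both inputs.
    assert(prepareInsert(plain).text == prepareInsert(quoted).text);
    assert(placeholdersBound(prepareInsert(quoted)));

    // Concatenated statement text changes shape with the input.
    assert(quotesBalanced(concatInsert(plain)));
    assert(!quotesBalanced(concatInsert(quoted)));
    return 0;
}
```

The design point is that `prepareInsert` never touches the SQL text with user data; whether the underlying library is OTL, SOCI or DTL, that property is what the bind mechanism gives you and what string concatenation cannot, regardless of how carefully the input is sanitized afterwards.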
