ã¡ãã£ã¨SQL Injectionã«ã¤ãã¦æªã ã«æ å ±ãå°ãªãã®ã«ããã¤ãã¦ããã®ã§ã ã¨ããã対çã°ã£ããã§ä½ãã§ãã¾ããã¼ã£ã¦ã®ã¯ã»ã¨ãã©ãã°ã¤ã³ã§ãã¾ããã¼ããããããããã å ·ä½çãªæ»ææ¹æ³ãããããã«ã¼ããã対çãã¦ãã ãã®äººå¤ããããªæ°ãããã®ã§ã¡ãã£ã¨æ»ææ¹æ³æ¸ãã¨ãã SQLã¤ã³ã¸ã§ã¯ã·ã§ã³ã£ã¦ãªã«ï¼ ã¢ããªã®ã¦ã¼ã¶å ¥åé åããSQLæãæ³¨å ¥ããã¦ãã¾ããã¨ã ãµã¼ãã§ããããã³ã¼ãæ¸ãã¦ãã¨ãuser_nameã«ã' or '1'='1';#ãã¨ãæ¸ããã¦ç´ æµãªãã¨ã«ãªãã(mysqlã®å ´å) String sql = "SELECT * FROM users WHERE = name = '"+user_name+"' AND password='"+user_password+"'"; ç°¡åã«è¨ãã¨ãéçºè ã®æå³ããªãSQLãã¦ã¼ã¶ã®å ¥åã«ãã£ã¦è¡ãæ»æææ³ã§ããã S
{{#tags}}- {{label}}
{{/tags}}