{"id":3243,"date":"2020-02-17T01:33:21","date_gmt":"2020-02-17T01:33:21","guid":{"rendered":"http:\/\/it.isophal.com\/?p=3243"},"modified":"2020-02-17T01:33:21","modified_gmt":"2020-02-17T01:33:21","slug":"%e1%9e%a2%e1%9f%92%e1%9e%9c%e1%9e%b8%e1%9e%91%e1%9f%85%e1%9e%87%e1%9e%b6-sql-injection-sqli-%e1%9e%8f%e1%9e%be%e1%9e%a2%e1%9f%92%e1%9e%93%e1%9e%80%e1%9e%a2%e1%9e%b6%e1%9e%85%e1%9e%80%e1%9e%b6","status":"publish","type":"post","link":"https:\/\/isophal.com\/news\/2020\/02\/17\/3243.html\/","title":{"rendered":"\u17a2\u17d2\u179c\u17b8\u1791\u17c5\u1787\u17b6 SQL injection (SQLi)? \u178f\u17be\u17a2\u17d2\u1793\u1780\u17a2\u17b6\u1785\u1780\u17b6\u179a\u1796\u17b6\u179a\u179c\u17b6\u1794\u17b6\u1793\u178a\u17c4\u1799\u179a\u1794\u17c0\u1794\u178e\u17b6?"},"content":{"rendered":"<p id=\"1e0c\" class=\"go gp dc bk gq b gr gs gt gu gv gw gx gy gz ha hb cu\" data-selectable-paragraph=\"\"><strong class=\"gq hc\">\u17e1. \u1793\u17b7\u1799\u1798\u1793\u17d0\u1799<\/strong><\/p>\n<p id=\"cbc4\" class=\"go gp dc bk gq b gr gs gt gu gv gw gx gy gz ha hb cu\" data-selectable-paragraph=\"\">SQL injection \u1787\u17b6\u1794\u17d2\u179a\u1797\u17c1\u1791 injection attack \u178a\u17c2\u179b\u1792\u17d2\u179c\u17be\u1780\u17b6\u179a\u179c\u17b6\u1799\u1794\u17d2\u179a\u17a0\u17b6\u179a\u1785\u17bc\u179b\u179b\u17bd\u1785\u1791\u17b7\u1793\u17d2\u1793\u1793\u17d0\u1799\u178f\u17b6\u1798\u179a\u1799\u17c8 SQL Statement \u17d4\u200b\u00a0<em class=\"hd\">\u17a7\u1791\u17b6\u17a0\u179a\u178e\u17cd\u1780\u17d2\u1793\u17bb\u1784\u1787\u17b8\u179c\u1797\u17b6\u1796\u1787\u17b6\u1780\u17cb\u179f\u17d2\u178f\u17c2\u1784 
\u1782\u17ba\u179c\u17b6\u179f\u17d2\u179a\u178a\u17c0\u1784\u1791\u17c5\u1793\u17b9\u1784\u1780\u17b6\u179a\u1785\u17b6\u1780\u17cb\u1790\u17d2\u1793\u17b6\u17c6\u178a\u17c2\u179b\u1798\u17b6\u1793\u179b\u17b6\u1799\u179f\u17b6\u179a\u1787\u17b6\u178f\u17b7\u1796\u17bb\u179b\u1785\u17bc\u179b\u1791\u17c5\u1780\u17d2\u1793\u17bb\u1784\u1781\u17d2\u179b\u17bd\u1793\u1798\u1793\u17bb\u179f\u17d2\u179f\u1780\u17d2\u1793\u17bb\u1784\u1782\u17c4\u179b\u1794\u17c6\u178e\u1784\u17a2\u17b6\u1780\u17d2\u179a\u1780\u17cb\u178e\u17b6\u1798\u17bd\u1799\u1799\u17c9\u17b6\u1784\u178a\u17bc\u1785\u17d2\u1793\u17c4\u17c7\u178a\u17c2\u179a \u1794\u17c9\u17bb\u1793\u17d2\u178f\u17c2\u1793\u17c5\u1791\u17b8\u1793\u17c1\u17c7\u1782\u17ba\u1782\u17c1\u1792\u17d2\u179c\u17be\u1791\u17c5\u179b\u17be\u1780\u17b6\u179a\u179b\u17bd\u1785\u1791\u17b7\u1793\u17d2\u1793\u1793\u17d0\u1799\u1793\u17c5\u179b\u17be\u179c\u17c9\u17c1\u1794\u179f\u17b6\u1799\u178a\u17c4\u1799\u1785\u17b6\u1780\u17cb\u1794\u1789\u17d2\u1785\u17bc\u179b\u1793\u17bc\u179c malicious statement\u17d4<\/em><\/p>\n<p id=\"1691\" class=\"go gp dc bk gq b gr gs gt gu gv gw gx gy gz ha hb cu\" data-selectable-paragraph=\"\">\u179a\u17b6\u179b\u17cb \u200bStatements \u1791\u17b6\u17c6\u1784\u17a1\u17b6\u1799\u178a\u17c2\u179b\u17a0\u17c1\u1782\u1783\u17d0\u179a\u1794\u17d2\u179a\u17be\u1794\u17d2\u179a\u17b6\u179f\u17cb\u1793\u17b9\u1784\u178f\u17d2\u179a\u17bc\u179c\u1785\u17bc\u179b\u1791\u17c5\u1782\u17d2\u179a\u1794\u17cb\u1782\u17d2\u179a\u1784 Database Server \u178a\u17c2\u179b\u179f\u17d2\u1790\u17b7\u178f\u1793\u17c5\u1796\u17b8\u1780\u17d2\u179a\u17c4\u1799 Web application \u179a\u1794\u179f\u17cb\u1799\u17be\u1784\u17d4 \u17a2\u17d2\u1793\u1780\u179c\u17b6\u1799\u1794\u17d2\u179a\u17a0\u17b6\u179a \u17ac\u17a0\u17c1\u1782\u1783\u17d0\u179a\u17a2\u17b6\u1785\u1794\u17d2\u179a\u17be\u1794\u17d2\u179a\u17b6\u179f\u17cb\u179c\u17b7\u1792\u17b8\u1793\u17c1\u17c7 
\u178a\u17be\u1798\u17d2\u1794\u17b8\u1792\u17d2\u179c\u17be\u1780\u17b6\u179a\u179a\u17c6\u179b\u1784\u1793\u17bc\u179c\u1794\u17d2\u179a\u1796\u17d0\u1793\u17d2\u1792\u179f\u17bb\u179c\u178f\u17d2\u1790\u17b7\u1797\u17b6\u1796\u179a\u1794\u179f\u17cb application\u17d4 \u1796\u17bd\u1780\u1782\u17c1\u17a2\u17b6\u1785\u1785\u17c1\u1789\u1785\u17bc\u179b Webpage \u17ac Website \u179a\u1794\u179f\u17cb\u1799\u17be\u1784\u178a\u17c4\u1799\u1798\u17b7\u1793\u1785\u17b6\u17c6\u1794\u17b6\u1785\u17cb\u179f\u17bb\u17c6\u1780\u17b6\u179a\u17a2\u1793\u17bb\u1789\u17d2\u1789\u17b6\u178f \u17ac\u179f\u17d2\u1793\u17be\u179f\u17bb\u17c6\u179f\u17b7\u1791\u17d2\u1792\u17b7\u17a2\u17d2\u179c\u17b8\u1791\u17b6\u17c6\u1784\u17a2\u179f\u17cb \u17a0\u17be\u1799\u1790\u17c2\u1798\u1791\u17b6\u17c6\u1784\u17a2\u17b6\u1785\u1791\u17b6\u1789\u1799\u1780\u17af\u1780\u179f\u17b6\u179a\u1785\u17c1\u1789\u1796\u17b8 Database \u179a\u1794\u179f\u17cb\u1799\u17be\u1784\u1794\u17b6\u1793\u1799\u17c9\u17b6\u1784\u1784\u17b6\u1799\u179f\u17d2\u179a\u17bd\u179b\u17d4 \u1796\u17bd\u1780\u1782\u17c1\u1780\u17cf\u17a2\u17b6\u1785\u1794\u17d2\u179a\u17be\u1794\u17d2\u179a\u17b6\u179f\u17cb \u200bSQL injection \u1780\u17d2\u1793\u17bb\u1784\u1780\u17b6\u179a\u1794\u1789\u17d2\u1785\u17c1\u1789 \u1794\u1789\u17d2\u1785\u17bc\u179b \u1780\u17c2\u1794\u17d2\u179a\u17c2 \u17ac\u179b\u17bb\u1794\u1791\u17b7\u1793\u17d2\u1793\u1793\u17d0\u1799\u1796\u17b8 database \u1794\u17b6\u1793\u1795\u1784\u178a\u17c2\u179a\u17d4<\/p>\n<p id=\"caff\" class=\"go gp dc bk gq b gr gs gt gu gv gw gx gy gz ha hb cu\" data-selectable-paragraph=\"\"><strong class=\"gq hc\">\u17e2. 
\u1795\u179b\u1794\u17c9\u17c7\u1796\u17b6\u179b\u17cb<\/strong><\/p>\n<p id=\"42bf\" class=\"go gp dc bk gq b gr gs gt gu gv gw gx gy gz ha hb cu\" data-selectable-paragraph=\"\">\u1785\u1793\u17d2\u179b\u17c4\u17c7\u1794\u17d2\u179a\u17a0\u17c4\u1784\u1793\u17c3 SQL injection \u17a2\u17b6\u1785\u1794\u17c9\u17c7\u1796\u17b6\u179b\u17cb\u1791\u17c5\u1782\u17d2\u179a\u1794\u17cb\u179c\u17c9\u17c1\u1794\u179f\u17b6\u1799\u1791\u17b6\u17c6\u1784\u17a1\u17b6\u1799\u178e\u17b6 \u178a\u17c2\u179b\u1794\u17d2\u179a\u17be\u1794\u17d2\u179a\u17b6\u179f\u17cb\u200b\u200b SQL Database \u178a\u17bc\u1785\u1787\u17b6 MySQL, Oracle, SQL Server, \u1793\u17b7\u1784SQL Database \u1795\u17d2\u179f\u17c1\u1784\u17d7\u1791\u17c0\u178f\u17d4 \u17a0\u17c1\u1782\u1783\u17d0\u179a \u17a2\u17b6\u1785\u1793\u17b9\u1784\u1794\u17d2\u179a\u17be\u1794\u17d2\u179a\u17b6\u179f\u17cbSQL injection \u178a\u17be\u1798\u17d2\u1794\u17b8\u1785\u17bc\u179b\u1791\u17c5\u1780\u17b6\u1793\u17cb Database \u178a\u17c4\u1799\u1798\u17b7\u1793\u1785\u17b6\u17c6\u1794\u17b6\u1785\u17cb\u179f\u17bb\u17c6\u1780\u17b6\u179a\u17a2\u1793\u17bb\u1789\u17d2\u1789\u17b6\u178f \u179a\u17bd\u1785\u1792\u17d2\u179c\u17be\u1780\u17b6\u179a\u179b\u17bd\u1785\u1799\u1780\u1791\u17b7\u1793\u17d2\u1793\u1793\u17d0\u1799\u179f\u17c6\u1781\u17b6\u1793\u17cb\u17d7\u178a\u17c2\u179b\u1798\u17b6\u1793\u178a\u17bc\u1785\u1787\u17b6\u17c8 \u1796\u17d0\u178f\u17cc\u1798\u17b6\u1793\u17a2\u178f\u17b7\u1790\u17b7\u1787\u1793 \u1796\u17d0\u178f\u17cc\u1795\u17d2\u1791\u17b6\u179b\u17cb\u1781\u17d2\u179b\u17bd\u1793 \u17af\u1780\u179f\u17b6\u179a\u1796\u17b6\u178e\u17b7\u1787\u17d2\u1787\u1780\u1798\u17d2\u1798\u17ac\u1787\u17c6\u1793\u17bd\u1789 \u1780\u1798\u17d2\u1798\u179f\u17b7\u1791\u17d2\u1792\u1794\u1789\u17d2\u1789\u17b6 \u1780\u17bb\u1784\u1792\u1793\u17b6\u1782\u17b6\u179a 
\u1793\u17b7\u1784\u1796\u17d0\u178f\u17cc\u1798\u17b6\u1793\u1795\u17d2\u179f\u17c1\u1784\u17d7\u1791\u17c0\u178f\u178a\u17c2\u179b\u1796\u17bd\u1780\u1782\u17c1\u1782\u17b7\u178f\u1790\u17b6\u179c\u17b6\u1798\u17b6\u1793\u1794\u17d2\u179a\u1799\u17c4\u1787\u1793\u17cd\u17d4<\/p>\n<p id=\"1c5b\" class=\"go gp dc bk gq b gr gs gt gu gv gw gx gy gz ha hb cu\" data-selectable-paragraph=\"\">SQL injection \u1787\u17b6\u179c\u17b7\u1792\u17b8\u179f\u17b6\u179f\u17d2\u179a\u17d2\u178f\u1785\u17c6\u178e\u17b6\u179f\u17cb\u1798\u17bd\u1799 \u178f\u17d2\u179a\u17bc\u179c\u1794\u17b6\u1793\u1794\u17d2\u179a\u17be\u1785\u17d2\u179a\u17be\u1793 \u1793\u17b7\u1784\u1782\u17d2\u179a\u17c4\u17c7\u1790\u17d2\u1793\u17b6\u1780\u17cb\u1794\u17c6\u1795\u17bb\u178f\u1793\u17c5\u179b\u17be web application \u1791\u17b6\u17c6\u1784\u17a1\u17b6\u1799\u178e\u17b6\u178a\u17c2\u179b\u1798\u17b6\u1793\u1797\u17b6\u1796\u1784\u17b6\u1799\u179a\u1784\u1782\u17d2\u179a\u17c4\u17c7\u17d4 \u17a2\u1784\u17d2\u1782\u1780\u17b6\u179a OWASP (Open Web Application Security Project) \u1794\u17b6\u1793\u178a\u17b6\u1780\u17cb\u1794\u1789\u17d2\u1785\u17bc\u179b Injections \u1791\u17c5\u1780\u17d2\u1793\u17bb\u1784\u1794\u1789\u17d2\u1787\u17b8 OWASP \u1780\u17c6\u1796\u17bc\u179b\u1791\u17b6\u17c6\u1784\u17e1\u17e0 \u179a\u1794\u179f\u17cb\u1781\u17d2\u179b\u17bd\u1793\u1793\u17c5\u1786\u17d2\u1793\u17b6\u17c6\u17e2\u17e0\u17e1\u17e7 \u1790\u17b6\u1787\u17b6\u1794\u17d2\u179a\u1797\u17c1\u1791\u179c\u17b6\u1799\u1794\u17d2\u179a\u17a0\u17b6\u179a\u178a\u17c2\u179b\u1798\u17b6\u1793\u1780\u17b6\u179a\u1782\u1798\u17d2\u179a\u17b6\u1798\u1780\u17c6\u17a0\u17c2\u1784\u1781\u17d2\u179b\u17b6\u17c6\u1784\u1794\u17c6\u1795\u17bb\u178f\u1798\u17bd\u1799\u1793\u17c5\u179b\u17be\u1794\u17d2\u179a\u1796\u17d0\u1793\u17d2\u1792\u179f\u17bb\u179c\u178f\u17d2\u1790\u17b7\u1797\u17b6\u1796 Web application\u200b\u17d4<\/p>\n<p id=\"c731\" class=\"go gp dc bk gq b gr gs gt gu gv gw gx gy gz ha hb cu\" 
data-selectable-paragraph=\"\"><strong class=\"gq hc\">\u17e3. \u178f\u17be SQL Injection \u1792\u17d2\u179c\u17be\u1791\u17c5\u1794\u17b6\u1793\u178f\u17b6\u1798\u179a\u1794\u17c0\u1794\u178e\u17b6?<\/strong><\/p>\n<figure class=\"fn fo fp fq fr fs cl cm paragraph-image\">\n<div class=\"n p aq\"><img decoding=\"async\" class=\"he\" src=\"https:\/\/miro.medium.com\/proxy\/0*wqfCoVPhWuIJ6Y_b.png\" \/><\/div><figcaption class=\"bo eg gj gk gl cn cl cm gm gn bj ef\" data-selectable-paragraph=\"\">\u1780\u17b6\u179a\u1794\u1789\u17d2\u1785\u17bc\u179b Sql injection \u1785\u17bc\u179b\u1791\u17c5\u1780\u17d2\u1793\u17bb\u1784 User input<\/figcaption><\/figure>\n<p id=\"a470\" class=\"go gp dc bk gq b gr gs gt gu gv gw gx gy gz ha hb cu\" data-selectable-paragraph=\"\">\u1798\u17bb\u1793\u1793\u17b9\u1784\u1792\u17d2\u179c\u17be\u1780\u17b6\u179a\u179c\u17b6\u1799\u1794\u17d2\u179a\u17a0\u17b6\u179a\u178f\u17b6\u1798 SQL Injection \u17a0\u17c1\u1782\u1783\u17d0\u179a\u178f\u17d2\u179a\u17bc\u179c\u179f\u17d2\u179c\u17c2\u1784\u179a\u1780\u1785\u1793\u17d2\u179b\u17c4\u17c7\u1794\u17d2\u179a\u17a0\u17c4\u1784\u1793\u17c5\u179b\u17be\u179c\u17c9\u17c1\u1794\u179f\u17b6\u1799\u178f\u17b6\u1798\u179a\u1799\u17c8 User input (\u1780\u1793\u17d2\u179b\u17c2\u1784\u178a\u17c2\u179b\u17a2\u17d2\u1793\u1780\u1794\u17d2\u179a\u17be\u1794\u17d2\u179a\u17b6\u179f\u17cb\u1792\u17d2\u179c\u17be\u1780\u17b6\u179a\u1794\u1789\u17d2\u1785\u17bc\u179b\u1796\u17d0\u178f\u17cc\u1798\u17b6\u1793) \u1787\u17b6\u1798\u17bb\u1793\u179f\u17b7\u1793 \u17d4 \u179c\u17c9\u17c1\u1794\u179f\u17b6\u1799\u178a\u17c2\u179b\u1798\u17b6\u1793\u1785\u1793\u17d2\u179b\u17c4\u17c7\u1794\u17d2\u179a\u17a0\u17c4\u1784\u179f\u1798\u17d2\u179a\u17b6\u1794\u17cb SQL injection \u1782\u17ba\u1787\u17b6\u179c\u17c9\u17c1\u1794\u179f\u17b6\u1799\u178a\u17c2\u179b\u178a\u17c2\u179b\u1794\u17d2\u179a\u17be\u1794\u17d2\u179a\u17b6\u179f\u17cb User input 
\u1794\u1789\u17d2\u1785\u17bc\u179b\u178a\u17c4\u1799\u1795\u17d2\u1791\u17b6\u179b\u17cb\u1791\u17c5\u1780\u17b6\u1793\u17cb SQL query\u200b \u17d4 \u17a0\u17c1\u1782\u1783\u17d0\u179a\u17a2\u17b6\u1785\u1794\u1784\u17d2\u1780\u17be\u178f input content \u200b\u1798\u17bd\u1799 \u178a\u17c2\u179b content \u1793\u17c4\u17c7\u1787\u17b6\u1791\u17bc\u1791\u17c5\u178f\u17d2\u179a\u17bc\u179c\u1794\u17b6\u1793\u17a0\u17c5\u1790\u17b6 malicious payload \u17a0\u17be\u1799\u179c\u17b6\u1780\u17cf\u1787\u17b6\u1782\u1793\u17d2\u179b\u17b9\u17c7\u179f\u17c6\u1781\u17b6\u1793\u17cb\u1798\u17bd\u1799\u1780\u17d2\u1793\u17bb\u1784\u1780\u17b6\u179a\u179c\u17b6\u1799\u1794\u17d2\u179a\u17a0\u17b6\u179a\u1795\u1784\u178a\u17c2\u179a\u17d4 \u1794\u1793\u17d2\u1791\u17b6\u1794\u17cb\u1796\u17b8\u17a0\u17c1\u1782\u1783\u17d0\u179a\u1795\u17d2\u1789\u17be content\u200b \u1793\u17c1\u17c7\u1785\u17c1\u1789\u1791\u17c5\u200b, malicious SQL commands \u1780\u17cf\u1793\u17b9\u1784\u178f\u17d2\u179a\u17bc\u179c\u1794\u17b6\u1793\u1794\u17d2\u179a\u178f\u17b7\u1794\u178f\u17d2\u178f\u17b7\u1793\u17c5\u1780\u17d2\u1793\u17bb\u1784 database\u200b \u17d4<\/p>\n<p id=\"cde0\" class=\"go gp dc bk gq b gr gs gt gu gv gw gx gy gz ha hb cu\" data-selectable-paragraph=\"\">SQL \u1782\u17ba\u1787\u17b6 Query language \u1798\u17bd\u1799\u178a\u17c2\u179b\u178f\u17d2\u179a\u17bc\u179c\u1794\u17b6\u1793\u1794\u1784\u17d2\u1780\u17be\u178f\u17a1\u17be\u1784\u179f\u1798\u17d2\u179a\u17b6\u1794\u17cb\u1782\u17d2\u179a\u1794\u17cb\u1782\u17d2\u179a\u1784\u1791\u17b7\u1793\u17d2\u1793\u1793\u17d0\u1799\u178a\u17c2\u179b\u1794\u17b6\u1793\u1795\u17d2\u1791\u17bb\u1780\u1793\u17c5\u1780\u17d2\u1793\u17bb\u1784 relational database\u200b \u17d4 \u1799\u17be\u1784\u1794\u17d2\u179a\u17be\u1794\u17d2\u179a\u17b6\u179f\u17cb\u179c\u17b6\u178a\u17be\u1798\u17d2\u1794\u17b8\u1792\u17d2\u179c\u17be\u1780\u17b6\u179a\u1782\u17d2\u179a\u1794\u17cb\u1782\u17d2\u179a\u1784 \u1780\u17c2\u1794\u17d2\u179a\u17c2 
\u1793\u17b7\u1784\u179b\u17bb\u1794\u1791\u17b7\u1793\u17d2\u1793\u1793\u17d0\u1799\u17d4 \u179c\u17c9\u17c1\u1794\u179f\u17b6\u1799\u1787\u17b6\u1785\u17d2\u179a\u17be\u1793\u1795\u17d2\u1791\u17bb\u1780\u1791\u17b7\u1793\u17d2\u1793\u1793\u17d0\u1799\u1793\u17c5\u1780\u17d2\u1793\u17bb\u1784 SQL database \u17d4 \u1793\u17c5\u1780\u17d2\u1793\u17bb\u1784\u1780\u179a\u178e\u17b8\u1798\u17bd\u1799\u1785\u17c6\u1793\u17bd\u1793\u1791\u17c0\u178f \u1799\u17be\u1784\u1780\u17cf\u17a2\u17b6\u1785\u1794\u17d2\u179a\u17be\u1794\u17d2\u179a\u17b6\u179f\u17cb SQL command \u1793\u17c5\u1780\u17d2\u1793\u17bb\u1784 Operating System commands \u1794\u17b6\u1793\u1795\u1784\u178a\u17c2\u179a\u17d4 \u178a\u17bc\u1785\u17d2\u1793\u17c1\u17c7\u17a0\u17be\u1799\u1794\u17b6\u1793\u1787\u17b6\u1780\u17b6\u179a\u179c\u17b6\u1799\u1794\u17d2\u179a\u17a0\u17b6\u179a\u178f\u17b6\u1798\u179a\u1799\u17c8 SQL injection \u1782\u17ba\u1794\u1789\u17d2\u17a0\u17b6\u1792\u17d2\u1784\u1793\u17cb\u1792\u17d2\u1784\u179a\u1798\u17bd\u1799\u179f\u1798\u17d2\u179a\u17b6\u1794\u17cb Web application\u17d4<\/p>\n<p id=\"2e0d\" class=\"go gp dc bk gq b gr gs gt gu gv gw gx gy gz ha hb cu\" data-selectable-paragraph=\"\"><strong class=\"gq hc\">\u17e4. 
\u1782\u17bd\u179a\u1785\u1784\u1785\u17b6\u17c6<\/strong><\/p>\n<ul class=\"\">\n<li id=\"f569\" class=\"go gp dc bk gq b gr gs gt gu gv gw gx gy gz ha hb hf hg hh\" data-selectable-paragraph=\"\">\u17a0\u17c1\u1782\u1783\u17d0\u179a \u1794\u17d2\u179a\u17be\u1794\u17d2\u179a\u17b6\u179f\u17cb SQL injection \u1780\u17d2\u1793\u17bb\u1784\u1780\u17b6\u179a\u179f\u17d2\u179c\u17c2\u1784\u179a\u1780\u17a2\u178f\u17d2\u178f\u179f\u1789\u17d2\u1789\u17b6\u178e\u179a\u1794\u179f\u17cb\u17a2\u17d2\u1793\u1780\u1794\u17d2\u179a\u17be\u1794\u17d2\u179a\u17b6\u179f\u17cb\u178a\u17c2\u179b\u1798\u17b6\u1793\u1793\u17c5\u1780\u17d2\u1793\u17bb\u1784 Database \u17d4 \u1794\u1793\u17d2\u1791\u17b6\u1794\u17cb\u1798\u1780\u1796\u17bd\u1780\u1782\u17c1\u1780\u17d2\u179b\u17c2\u1784\u1781\u17d2\u179b\u17bd\u1793\u1787\u17b6 User \u178e\u17b6\u1798\u17d2\u1793\u17b6\u1780\u17cb\u17d4 \u17a2\u17d2\u1793\u1780\u178a\u17c2\u179b\u178f\u17d2\u179a\u17bc\u179c\u1794\u17b6\u1793\u1780\u17d2\u179b\u17c2\u1784\u1794\u1793\u17d2\u179b\u17c6\u1793\u17c4\u17c7\u17a2\u17b6\u1785\u1787\u17b6 Database Administrator \u178a\u17c4\u1799\u1798\u17b6\u1793\u179f\u17b7\u1791\u17d2\u1792\u17b7\u1780\u17b6\u1793\u17cb\u1780\u17b6\u1794\u17cb\u1793\u17bc\u179c Database \u1791\u17b6\u17c6\u1784\u1798\u17bc\u179b\u17d4<\/li>\n<li id=\"399a\" class=\"go gp dc bk gq b gr hi gt hj gv hk gx hl gz hm hb hf hg hh\" data-selectable-paragraph=\"\">SQL \u17a2\u17b6\u1785\u1794\u1784\u17d2\u17a0\u17b6\u1789\u1793\u17bc\u179c\u1791\u17b7\u1793\u17d2\u1793\u1793\u17d0\u1799\u1791\u17b6\u17c6\u1784\u17a2\u179f\u17cb\u1785\u17c1\u1789\u1796\u17b8 Database \u17d4 \u1785\u1793\u17d2\u179b\u17c4\u17c7\u1794\u17d2\u179a\u17a0\u17c4\u1784\u1793\u17c3 SQL injection \u17a2\u1793\u17bb\u1789\u17d2\u1789\u17b6\u178f\u17b2\u17d2\u1799\u17a0\u17c1\u1782\u1783\u17d0\u179a \u17a2\u17b6\u1785 Access \u1785\u17bc\u179b\u1791\u17c5\u1780\u17b6\u1793\u17cb Database server 
\u1794\u17b6\u1793\u1799\u17c9\u17b6\u1784\u1796\u17c1\u1789\u179b\u17c1\u1789\u17d4<\/li>\n<li id=\"301d\" class=\"go gp dc bk gq b gr hi gt hj gv hk gx hl gz hm hb hf hg hh\" data-selectable-paragraph=\"\">SQL \u17a2\u17b6\u1785\u17b2\u17d2\u1799\u1799\u17be\u1784\u1792\u17d2\u179c\u17be\u1780\u17b6\u179a\u1780\u17c2\u1794\u17d2\u179a\u17c2\u1791\u17b7\u1793\u17d2\u1793\u1793\u17d0\u1799 \u1793\u17b7\u1784\u1794\u1793\u17d2\u1790\u17c2\u1798\u1791\u17b7\u1793\u17d2\u1793\u1793\u17d0\u1799\u1790\u17d2\u1798\u17b8\u1794\u17b6\u1793\u17d4 \u17a7\u1791\u17b6\u17a0\u179a\u178e\u17cd \u1793\u17c5\u1780\u17d2\u1793\u17bb\u1784 Application \u17a0\u17b7\u179a\u1789\u17d2\u1789\u179c\u178f\u17d2\u1790\u17bb\u1798\u17bd\u1799 \u17a2\u17b6\u1785\u17b2\u17d2\u1799\u17a0\u17c1\u1782\u1783\u17d0\u179a\u1794\u17d2\u179a\u17be\u1794\u17d2\u179a\u17b6\u179f\u17cb SQL injection \u178a\u17be\u1798\u17d2\u1794\u17b8\u1792\u17d2\u179c\u17be\u1780\u17b6\u179a\u1780\u17c2\u1794\u17d2\u179a\u17c2\u1785\u17c6\u1793\u17bd\u1793\u179f\u1798\u178f\u17bb\u179b\u17d2\u1799 \u1780\u17b6\u179a\u1794\u17d2\u179a\u178f\u17b7\u1794\u178f\u17d2\u178f\u1780\u17b6\u179a\u179c\u17c1\u179b\u17bb\u1799 \u17ac\u179c\u17c1\u179b\u17bb\u1799\u1785\u17bc\u179b\u1782\u178e\u1793\u17b8\u179a\u1794\u179f\u17cb\u1796\u17bd\u1780\u1782\u17c1\u1787\u17b6\u178a\u17be\u1798\u17d4<\/li>\n<li id=\"6859\" class=\"go gp dc bk gq b gr hi gt hj gv hk gx hl gz hm hb hf hg hh\" data-selectable-paragraph=\"\">\u1782\u17c1\u17a2\u17b6\u1785\u1794\u17d2\u179a\u17be SQL \u178a\u17be\u1798\u17d2\u1794\u17b8\u179b\u17bb\u1794 record (\u1791\u17b7\u1793\u17d2\u1793\u1793\u17d0\u1799\u1787\u17b6\u1787\u17bd\u179a) \u1785\u17c1\u1789\u1796\u17b8 Database \u17ac\u179b\u17bb\u1794 Table \u1791\u17b6\u17c6\u1784\u1798\u17bc\u179b\u1794\u17b6\u1793\u1795\u1784\u178a\u17c2\u179a\u17d4 \u1794\u17be\u1791\u17c4\u17c7\u1794\u17b8\u1787\u17b6 Administrator 
\u1794\u17b6\u1793\u1792\u17d2\u179c\u17be\u1780\u17b6\u179a\u179a\u1780\u17d2\u179f\u17b6\u1791\u17bb\u1780 (backup) \u1791\u17b7\u1793\u17d2\u1793\u1793\u17d0\u1799\u179a\u17bd\u1785\u1798\u17d2\u178f\u1784\u17a0\u17be\u1799\u1780\u17cf\u178a\u17c4\u1799 \u1780\u17cf\u179c\u17b6\u1793\u17b9\u1784\u1792\u17d2\u179c\u17be\u17b2\u17d2\u1799\u1798\u17b6\u1793\u1795\u179b\u1794\u17c9\u17c7\u1796\u17b6\u179b\u17cb\u178a\u179b\u17cb application \u179a\u1794\u179f\u17cb\u1799\u17be\u1784\u1795\u1784\u178a\u17c2\u179a \u179a\u17a0\u17bc\u178f\u178a\u179b\u17cb\u1791\u17b7\u1793\u17d2\u1793\u1793\u17d0\u1799\u1793\u17c4\u17c7\u178f\u17d2\u179a\u17bc\u179c\u1794\u17b6\u1793\u179f\u17d2\u178f\u17b6\u179a\u1798\u1780\u179c\u17b7\u1789 (restored) \u17d4 \u1798\u17d2\u1799\u17c9\u17b6\u1784\u179c\u17b7\u1789\u1791\u17c0\u178f \u1791\u17b7\u1793\u17d2\u1793\u1793\u17d0\u1799\u178a\u17c2\u179b\u1794\u17b6\u1793\u179a\u1780\u17d2\u179f\u17b6\u1791\u17bb\u1780\u1793\u17c4\u17c7\u1780\u17cf\u1798\u17b7\u1793\u1794\u17d2\u179a\u17b6\u1780\u178a\u1790\u17b6 \u1787\u17b6\u1791\u17b7\u1793\u17d2\u1793\u1793\u17d0\u1799\u1798\u17b6\u1793\u1794\u1785\u17d2\u1785\u17bb\u1794\u17d2\u1794\u1793\u17d2\u1793\u1797\u17b6\u1796\u1795\u1784\u178a\u17c2\u179a\u17d4<\/li>\n<li id=\"573a\" class=\"go gp dc bk gq b gr hi gt hj gv hk gx hl gz hm hb hf hg hh\" data-selectable-paragraph=\"\">\u1793\u17c5\u1780\u17d2\u1793\u17bb\u1784 Database server \u1798\u17bd\u1799\u1785\u17c6\u1793\u17bd\u1793 \u1782\u17c1\u17a2\u17b6\u1785 access \u1785\u17bc\u179b\u1791\u17c5\u1780\u17b6\u1793\u17cb Operating System \u1794\u17b6\u1793\u178f\u17b6\u1798\u179a\u1799\u17c8 Database server\u200b \u17d4 \u179c\u17b6\u17a2\u17b6\u1785\u1787\u17b6\u1785\u17c1\u178f\u1793\u17b6 \u17ac\u1787\u17b6\u1780\u17b6\u179a\u1785\u17c3\u178a\u1793\u17d2\u1799\u17d4 \u1780\u17d2\u1793\u17bb\u1784\u1780\u179a\u178e\u17b8\u1798\u17bd\u1799\u1785\u17c6\u1793\u17bd\u1793\u178a\u17bc\u1785\u1787\u17b6 
\u17a2\u17d2\u1793\u1780\u179c\u17b6\u1799\u1794\u17d2\u179a\u17a0\u17b6\u179a\u1794\u17d2\u179a\u17be\u1794\u17d2\u179a\u17b6\u179f\u17cb SQL injection \u1787\u17b6 initial vector \u17a0\u17be\u1799\u1794\u1793\u17d2\u1791\u17b6\u1794\u17cb\u1798\u1780\u179c\u17b6\u1799\u1794\u17d2\u179a\u17a0\u17b6\u179a\u1785\u17bc\u179b\u1794\u178e\u17d2\u178f\u17b6\u1789\u1781\u17b6\u1784\u1780\u17d2\u1793\u17bb\u1784\u1793\u17c5\u1796\u17b8\u1780\u17d2\u179a\u17c4\u1799 Firewall \u17d4<\/li>\n<\/ul>\n<p id=\"c1c9\" class=\"go gp dc bk gq b gr gs gt gu gv gw gx gy gz ha hb cu\" data-selectable-paragraph=\"\">\u1798\u17b6\u1793\u179c\u17b7\u1792\u17b8\u179f\u17b6\u179f\u17d2\u178f\u17d2\u179a\u1785\u17d2\u179a\u17be\u1793\u1780\u17d2\u1793\u17bb\u1784\u1780\u17b6\u179a\u179c\u17b6\u1799\u1794\u17d2\u179a\u17a0\u17b6\u179a\u178f\u17b6\u1798\u179a\u1799\u17c8 SQL \u178a\u17c2\u179b\u1798\u17b6\u1793\u178a\u17bc\u1785\u1787\u17b6\u17d6 in-band SQLi (\u1794\u17d2\u179a\u17be\u1794\u17d2\u179a\u17b6\u179f\u17cb database error \u17ac UNION commands), Blind SQLi \u1793\u17b7\u1784 out-of-band SQLi \u17d4 \u179b\u17c4\u1780\u17a2\u17d2\u1793\u1780\u17a2\u17b6\u1785\u17a2\u17b6\u1793\u179b\u1798\u17d2\u17a2\u17b7\u178f\u1790\u17c2\u1798\u1791\u17c0\u178f\u1794\u17b6\u1793\u178f\u17b6\u1798\u179a\u1799\u17c8\u00a0<a class=\"at cg hn ho hp hq\" href=\"https:\/\/www.acunetix.com\/websitesecurity\/sql-injection2\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Types of SQL Injection (SQLi)<\/a>,\u00a0<a class=\"at cg hn ho hp hq\" href=\"https:\/\/www.acunetix.com\/websitesecurity\/blind-sql-injection\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Blind SQL Injection: What is it<\/a>.<\/p>\n<p id=\"f6fd\" class=\"go gp dc bk gq b gr gs gt gu gv gw gx gy gz ha hb cu\" data-selectable-paragraph=\"\">\u178a\u17be\u1798\u17d2\u1794\u17b8\u17a2\u1793\u17bb\u179c\u178f\u17d2\u178f\u178f\u17b6\u1798\u1787\u17b6\u1787\u17c6\u17a0\u17b6\u1793\u17d7 
\u1793\u17b7\u1784\u1785\u1784\u17cb\u178a\u17b9\u1784\u1790\u17b6\u178f\u17be\u1782\u17c1\u1792\u17d2\u179c\u17be\u179a\u1794\u17c0\u1794\u1798\u17c9\u17c1\u1785\u1781\u17d2\u179b\u17c7\u1793\u17c4\u17c7 \u17a2\u17b6\u1785\u1785\u17bc\u179b\u1791\u17c5\u1780\u17b6\u1793\u17cb\u17c8<br \/>\n<a class=\"at cg hn ho hp hq\" href=\"https:\/\/www.acunetix.com\/blog\/articles\/exploiting-sql-injection-example\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Exploiting SQL Injection: a Hands-on Example<\/a><\/p>\n<p id=\"d2d7\" class=\"go gp dc bk gq b gr gs gt gu gv gw gx gy gz ha hb cu\" data-selectable-paragraph=\"\"><strong class=\"gq hc\">\u17e5.\u200b \u17a7\u1791\u17b6\u17a0\u179a\u178e\u17cd\u179f\u17b6\u1798\u1789\u17d2\u1789\u17d7<\/strong><\/p>\n<figure class=\"fn fo fp fq fr fs cl cm paragraph-image\">\n<div class=\"ft fu fv fw ak\">\n<div class=\"cl cm hr\">\n<div class=\"gc r fv gd\">\n<div class=\"hs r\">\n<div class=\"fx fy cp t u fz ak eh ga gb\"><img loading=\"lazy\" decoding=\"async\" class=\"cp t u fz ak gf gg as qs\" src=\"https:\/\/miro.medium.com\/max\/60\/1*qraufnA7PE3gVJIPE2H5OA.png?q=20\" width=\"1534\" height=\"828\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"li qq cp t u fz ak gi\" src=\"https:\/\/miro.medium.com\/max\/1534\/1*qraufnA7PE3gVJIPE2H5OA.png\" width=\"1534\" height=\"828\" \/><\/div>\n<\/div>\n<\/div>\n<\/div><figcaption class=\"bo eg gj gk gl cn cl cm gm gn bj ef\" data-selectable-paragraph=\"\">\u179a\u17bc\u1794\u1797\u17b6\u1796\u17a7\u1791\u17b6\u17a0\u179a\u178e\u17cd\u1780\u17b6\u179a\u179c\u17b6\u1799\u1794\u17d2\u179a\u17a0\u17b6\u179a\u178f\u17b6\u1798\u179a\u1799\u17c8 SQL injection<\/figcaption><\/figure>\n<p id=\"cdd5\" class=\"go gp dc bk gq b gr gs gt gu gv gw gx gy gz ha hb cu\" 
data-selectable-paragraph=\"\">\u17a7\u1791\u17b6\u17a0\u179a\u178e\u17cd\u1793\u17c1\u17c7\u1793\u17b9\u1784\u1794\u1784\u17d2\u17a0\u17b6\u1789\u1796\u17b8\u179a\u1794\u17c0\u1794\u178a\u17c2\u179b\u17a2\u17d2\u1793\u1780\u179c\u17b6\u1799\u1794\u17d2\u179a\u17a0\u17b6\u179a\u17a2\u17b6\u1785\u1785\u17bc\u179b\u1791\u17c5\u1780\u17b6\u1793\u17cb\u179c\u17c9\u17c1\u1794\u179f\u17b6\u1799\u179a\u1794\u179f\u17cb\u1799\u17be\u1784 \u179a\u17bd\u1785\u178a\u17be\u179a\u178f\u17bd\u1787\u17b6 Administrator \u178a\u17c4\u1799\u1798\u17b7\u1793\u1785\u17b6\u17c6\u1794\u17b6\u1785\u17cb\u179f\u17bb\u17c6\u1780\u17b6\u179a\u17a2\u1793\u17bb\u1789\u17d2\u1789\u17b6\u178f\u17a2\u17d2\u179c\u17b8\u1791\u17b6\u17c6\u17c6\u1784\u17a2\u179f\u17cb\u17d4<\/p>\n<p id=\"d02e\" class=\"go gp dc bk gq b gr gs gt gu gv gw gx gy gz ha hb cu\" data-selectable-paragraph=\"\">Script \u1781\u17b6\u1784\u1780\u17d2\u179a\u17c4\u1798\u1782\u17ba\u1787\u17b6 pseudocode \u178a\u17c2\u179b\u178a\u17c2\u179b\u1793\u17b9\u1784\u178f\u17d2\u179a\u17bc\u179c\u1794\u17d2\u179a\u178f\u17b7\u1794\u178f\u17d2\u178f\u17b7\u1780\u17b6\u179a\u179b\u17be Web server \u17d4 \u179c\u17b6\u1787\u17b6\u17a7\u1791\u17b6\u17a0\u179a\u178e\u17cd\u179f\u17b6\u1798\u1789\u17d2\u1789\u1798\u17bd\u1799\u178a\u17c2\u179b\u1794\u17d2\u179a\u17be\u1794\u17d2\u179a\u17b6\u179f\u17cb\u200b\u200b username \u1793\u17b7\u1784 password \u178a\u17be\u1798\u17d2\u1794\u17b8 log \u1785\u17bc\u179b\u17d4 \u17a7\u1791\u17b6\u17a0\u179a\u178e\u17cd database \u1798\u17bd\u1799\u1798\u17b6\u1793 table \u1798\u17bd\u1799\u1788\u17d2\u1798\u17c4\u17c7 users \u178a\u17c4\u1799\u1798\u17b6\u1793 columns \u1796\u17b8\u179a\u1782\u17ba username \u1793\u17b7\u1784 password\u17d4<\/p>\n<blockquote class=\"ht hu hv\">\n<p id=\"84fe\" class=\"go gp dc hd gq b gr gs gt gu gv gw gx gy gz ha hb cu\" data-selectable-paragraph=\"\"># Define POST variables<\/p>\n<p id=\"462f\" class=\"go gp dc hd gq b gr gs gt gu gv gw gx gy gz ha hb cu\" 
data-selectable-paragraph=\"\">uname = request.POST[\u2018username\u2019] passwd = request.POST[\u2018password\u2019]<\/p>\n<p id=\"3183\" class=\"go gp dc hd gq b gr gs gt gu gv gw gx gy gz ha hb cu\" data-selectable-paragraph=\"\"># SQL query vulnerable to SQLi<\/p>\n<p id=\"fbdc\" class=\"go gp dc hd gq b gr gs gt gu gv gw gx gy gz ha hb cu\" data-selectable-paragraph=\"\">sql = \u201cSELECT id FROM users WHERE username=\u2019\u201d + uname + \u201c\u2019 AND password=\u2019\u201d + passwd + \u201c\u2019\u201d # Execute the SQL statement database.execute(sql)<\/p>\n<\/blockquote>\n<p id=\"c8f4\" class=\"go gp dc bk gq b gr gs gt gu gv gw gx gy gz ha hb cu\" data-selectable-paragraph=\"\">Input fields \u1781\u17b6\u1784\u179b\u17be\u1793\u17c1\u17c7\u1782\u17ba\u1798\u17b6\u1793\u1785\u1793\u17d2\u179b\u17c4\u17c7\u1794\u17d2\u179a\u17a0\u17c4\u1784\u179f\u1798\u17d2\u179a\u17b6\u1794\u17cb SQL injection \u17d4 \u17a2\u17d2\u1793\u1780\u179c\u17b6\u1799\u1794\u17d2\u179a\u17a0\u17b6\u179a\u17a2\u17b6\u1785\u1793\u17b9\u1784\u1794\u17d2\u179a\u17be\u1794\u17d2\u179a\u17b6\u179f\u17cb SQL commands \u178a\u17b6\u1780\u17cb\u1785\u17bc\u179b\u1780\u17d2\u1793\u17bb\u1784 input \u178a\u17c2\u179b\u1787\u17b6\u1798\u1792\u17d2\u1799\u17c4\u1794\u17b6\u1799\u1798\u17bd\u1799\u17a2\u17b6\u1785\u17b2\u17d2\u1799\u1798\u17b6\u1793\u1780\u17b6\u179a\u1780\u17c2\u1794\u17d2\u179a\u17c2\u1793\u17bc\u179c SQL statement \u17a0\u17be\u1799\u1794\u17d2\u179a\u178f\u17b7\u1794\u178f\u17d2\u178f\u17b7\u1780\u17b6\u179a\u178a\u17c4\u1799 database server\u17d4 \u17a7\u1791\u17b6\u17a0\u179a\u178e\u17cd \u1782\u17c1\u17a2\u17b6\u1785\u1794\u17d2\u179a\u17be\u179b\u17d2\u1794\u17b7\u1785\u178a\u17c4\u1799\u178a\u17b6\u1780\u17cb\u200b single quote \u17a0\u17be\u1799 set passwd field \u1791\u17c5\u1787\u17b6\u17c8<\/p>\n<blockquote class=\"ht hu hv\">\n<p id=\"fa50\" class=\"go gp dc hd gq b gr gs gt gu gv gw gx gy gz ha hb cu\" data-selectable-paragraph=\"\"><code class=\"gd hw hx hy 
hz b\">password' OR 1=1<\/code><\/p>\n<\/blockquote>\n<p id=\"d8dd\" class=\"go gp dc bk gq b gr gs gt gu gv gw gx gy gz ha hb cu\" data-selectable-paragraph=\"\">\u1787\u17b6\u179b\u1791\u17d2\u1792\u1795\u179b Database server run \u1794\u17b6\u1793 command \u178a\u17bc\u1785\u1781\u17b6\u1784\u1780\u17d2\u179a\u17c4\u1798\u17d6<\/p>\n<blockquote class=\"ht hu hv\">\n<p id=\"5ba2\" class=\"go gp dc hd gq b gr gs gt gu gv gw gx gy gz ha hb cu\" data-selectable-paragraph=\"\"><code class=\"gd hw hx hy hz b\"><strong class=\"gq hc\">SELECT<\/strong>\u00a0id\u00a0<strong class=\"gq hc\">FROM<\/strong>\u00a0users\u00a0<strong class=\"gq hc\">WHERE<\/strong>\u00a0username='username'\u00a0<strong class=\"gq hc\">AND<\/strong>\u00a0<strong class=\"gq hc\">password<\/strong>=<strong class=\"gq hc\">'password' OR 1=1<\/strong>'<\/code><\/p>\n<\/blockquote>\n<p id=\"c7dc\" class=\"go gp dc bk gq b gr gs gt gu gv gw gx gy gz ha hb cu\" data-selectable-paragraph=\"\">\u1796\u17b8\u1796\u17d2\u179a\u17c4\u17c7\u178f\u17c2\u00a0<em class=\"hd\">OR 1=1&#8242;<\/em>\u00a0statement, \u1783\u17d2\u179b\u17b6\u00a0<em class=\"hd\">WHERE<\/em>\u00a0\u1793\u17b9\u1784 return id \u1785\u17c1\u1789\u1796\u17b8 id \u178a\u17c6\u1794\u17bc\u1784\u1782\u17c1\u178a\u17c4\u1799\u1798\u17b7\u1793\u1781\u17d2\u179c\u179b\u17cb\u1790\u17b6 username \u17ac password \u1793\u17c4\u17c7\u1787\u17b6\u17a2\u17d2\u179c\u17b8\u1793\u17c4\u17c7\u1791\u17c1\u17d4 \u1787\u17b6\u1791\u17bc\u1791\u17c5\u200b id \u17a2\u17d2\u1793\u1780\u1794\u17d2\u179a\u17be\u1794\u17d2\u179a\u17b6\u179f\u17cb\u178a\u17c6\u1794\u17bc\u1784\u1782\u17c1\u1793\u17c5\u1780\u17d2\u1793\u17bb\u1784 database \u1782\u17ba\u1787\u17b6 Administrator \u17d4 \u1780\u17d2\u1793\u17bb\u1784\u1793\u17d0\u1799\u1793\u17c1\u17c7 \u17a2\u17d2\u1793\u1780\u179c\u17b6\u1799\u1794\u17d2\u179a\u17a0\u17b6\u179a\u1798\u17b7\u1793\u178f\u17d2\u179a\u17b9\u1798\u178f\u17c2\u17a2\u17b6\u1785\u1786\u17d2\u179b\u1784\u1780\u17b6\u178f\u17cb 
authentication \u1794\u17b6\u1793\u1794\u17c9\u17bb\u178e\u17d2\u178e\u17c4\u17c7\u1791\u17c1 \u1794\u17c9\u17bb\u1793\u17d2\u178f\u17c2\u1782\u17c1\u17a2\u17b6\u1785\u1780\u17b6\u1793\u17cb\u1780\u17b6\u1794\u17cb\u179f\u17b7\u1791\u17d2\u1792\u17b7\u1787\u17b6 Administrator \u1794\u17b6\u1793\u1791\u17b6\u17c6\u1784\u179f\u17d2\u179a\u17bb\u1784\u1795\u1784\u178a\u17c2\u179a\u17d4 \u1782\u17c1\u1780\u17cf\u17a2\u17b6\u1785\u1794\u17d2\u179a\u17be\u1794\u17d2\u179a\u17b6\u179f\u17cb comment \u1795\u17d2\u179f\u17c1\u1784\u1791\u17c0\u178f\u178a\u17be\u1798\u17d2\u1794\u17b8\u1782\u17d2\u179a\u1794\u17cb\u1782\u17d2\u179a\u1784\u1791\u17c5\u179b\u17be\u1780\u17b6\u179a\u1794\u17d2\u179a\u178f\u17b7\u1794\u178f\u17d2\u178f\u17b7\u1780\u17b6\u179a\u178e\u17cd\u179a\u1794\u179f\u17cb SQL query \u1794\u17b6\u1793\u1790\u17c2\u1798\u1791\u17c0\u178f\u1795\u1784\u178a\u17c2\u179a\u17c8<\/p>\n<blockquote class=\"ht hu hv\">\n<p id=\"fe94\" class=\"go gp dc hd gq b gr gs gt gu gv gw gx gy gz ha hb cu\" data-selectable-paragraph=\"\"><code class=\"gd hw hx hy hz b\">-- MySQL, MSSQL, Oracle, PostgreSQL, SQLite<br \/>\n' OR '1'='1'\u00a0<strong class=\"gq hc\">--<\/strong><br \/>\n' OR '1'='1'\u00a0<strong class=\"gq hc\">\/*<\/strong><br \/>\n-- MySQL<br \/>\n' OR '1'='1'\u00a0<strong class=\"gq hc\">#<\/strong><br \/>\n-- Access (using null characters)<br \/>\n' OR '1'='1'\u00a0<strong class=\"gq hc\">%00<\/strong><br \/>\n' OR '1'='1'\u00a0<strong class=\"gq hc\">%16<\/strong><\/code><\/p>\n<\/blockquote>\n<p id=\"674e\" class=\"go gp dc bk gq b gr gs gt gu gv gw gx gy gz ha hb cu\" data-selectable-paragraph=\"\"><strong class=\"gq hc\">\u17e6.\u200b \u17a7\u1791\u17b6\u17a0\u179a\u178e\u17cd\u1793\u17c3 Union-Based SQL injection<\/strong><\/p>\n<p id=\"c2a5\" class=\"go gp dc bk gq b gr gs gt gu gv gw gx gy gz ha hb cu\" 
data-selectable-paragraph=\"\">\u1794\u17d2\u179a\u1797\u17c1\u1791\u1798\u17bd\u1799\u1791\u17c0\u178f\u178a\u17c2\u179b\u1782\u17c1\u1796\u17c1\u1789\u1793\u17b7\u1799\u1798\u1794\u17d2\u179a\u17be\u1793\u17c5\u1780\u17d2\u1793\u17bb\u1784 SQL injection \u1793\u17c4\u17c7\u1782\u17ba\u1780\u17b6\u179a\u1794\u17d2\u179a\u17be\u1794\u17d2\u179a\u17b6\u179f\u17cb UNION operator\u200b \u17d4 \u179c\u17b6\u17a2\u1793\u17bb\u1789\u17d2\u1789\u17b6\u178f\u17b2\u17d2\u1799\u17a2\u17d2\u1793\u1780\u179c\u17b6\u1799\u1794\u17d2\u179a\u17a0\u17b6\u179a\u1792\u17d2\u179c\u17be\u1780\u17b6\u179a\u1795\u17d2\u179f\u17c6\u1794\u1789\u17d2\u1785\u17bc\u179b\u1793\u17bc\u179c\u179b\u1791\u17d2\u1792\u1795\u179b\u178a\u17c2\u179b\u1794\u17b6\u1793\u1798\u1780\u1796\u17b8 SELECT statement \u1796\u17b8\u179a\u17ac\u1785\u17d2\u179a\u17be\u1793\u1794\u1789\u17d2\u1785\u17bc\u179b\u1782\u17d2\u1793\u17b6 \u179a\u17bd\u1785\u1794\u1789\u17d2\u1785\u17c1\u1789\u1791\u17c5\u1787\u17b6\u179b\u1791\u17d2\u1792\u1795\u179b\u1798\u17bd\u1799\u17d4 \u1794\u1785\u17d2\u1785\u17c1\u1780\u1791\u17c1\u179f\u1793\u17c1\u17c7\u1782\u17c1\u17a0\u17c5\u1790\u17b6\u00a0<em class=\"hd\">Union-Based SQL injection \u17d4<\/em><\/p>\n<p id=\"75d8\" class=\"go gp dc bk gq b gr gs gt gu gv gw gx gy gz ha hb cu\" data-selectable-paragraph=\"\">\u17a7\u1791\u17b6\u17a0\u179a\u178e\u17cd\u1781\u17b6\u1784\u1780\u17d2\u179a\u17c4\u1798\u1782\u17ba\u1787\u17b6\u1780\u17b6\u179a Request HTTP \u179f\u17b6\u1798\u1789\u17d2\u1789\u1798\u17bd\u1799\u178a\u17c2\u179b\u17a2\u17d2\u1793\u1780\u1794\u17d2\u179a\u17be\u1794\u17d2\u179a\u17b6\u179f\u17cb\u1782\u17b6\u178f\u17cb\u1792\u17d2\u179c\u17be\u1780\u17b6\u179a\u1795\u17d2\u1789\u17be\u1785\u17c1\u1789\u17d6<\/p>\n<blockquote class=\"ht hu hv\">\n<p id=\"c42d\" class=\"go gp dc hd gq b gr gs gt gu gv gw gx gy gz ha hb cu\" data-selectable-paragraph=\"\"><strong class=\"gq hc\">GET\u00a0<\/strong><a class=\"at cg hn ho hp hq\" 
href=\"http:\/\/testphp.vulnweb.com\/artists.php?artist=1\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><strong class=\"gq hc\">http:\/\/testphp.vulnweb.com\/artists.php?artist=1<\/strong><\/a><strong class=\"gq hc\">\u00a0HTTP\/1.1<\/strong>\u00a0Host: testphp.vulnweb.com<\/p>\n<\/blockquote>\n<figure class=\"fn fo fp fq fr fs cl cm paragraph-image\">\n<div class=\"ft fu fv fw ak\">\n<div class=\"cl cm ia\">\n<div class=\"gc r fv gd\">\n<div class=\"ib r\">\n<div class=\"fx fy cp t u fz ak eh ga gb\"><img loading=\"lazy\" decoding=\"async\" class=\"cp t u fz ak gf gg as qs\" src=\"https:\/\/miro.medium.com\/max\/60\/0*RQcNrc08ukBxJ-mO.png?q=20\" width=\"718\" height=\"603\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"li qq cp t u fz ak gi\" src=\"https:\/\/miro.medium.com\/max\/718\/0*RQcNrc08ukBxJ-mO.png\" width=\"718\" height=\"603\" \/><\/div>\n<\/div>\n<\/div>\n<\/div><figcaption class=\"bo eg gj gk gl cn cl cm gm gn bj ef\" data-selectable-paragraph=\"\">Union-base SQLi \u179c\u17c9\u17c1\u1794\u179f\u17b6\u1799\u179b\u17c6\u1793\u17b6\u17c6\u178a\u17be\u1798<\/figcaption><\/figure>\n<p id=\"e511\" class=\"go gp dc bk gq b gr gs gt gu gv gw gx gy gz ha hb cu\" data-selectable-paragraph=\"\"><em class=\"hd\">artist<\/em>\u00a0parameter \u1782\u17ba\u1787\u17b6\u1785\u1793\u17d2\u179b\u17c4\u17c7\u1794\u17d2\u179a\u17a0\u17c4\u1784\u179f\u1798\u17d2\u179a\u17b6\u1794\u17cb SQL injection \u17d4 Payload \u1781\u17b6\u1784\u1780\u17d2\u179a\u17c4\u1798\u1793\u17b9\u1784\u1792\u17d2\u179c\u17be\u1780\u17b6\u179a\u1780\u17c2\u1794\u17d2\u179a\u17c2 query \u178a\u17be\u1798\u17d2\u1794\u17b8\u179f\u17d2\u179c\u17c2\u1784\u179a\u1780 Record \u178a\u17c2\u179b\u1798\u17b7\u1793\u1791\u17b6\u1793\u17cb\u1798\u17b6\u1793\u17d4 \u179c\u17b6 sets value \u1780\u17d2\u1793\u17bb\u1784 URL query string \u1791\u17c5\u1787\u17b6 -1 (\u1796\u17d2\u179a\u17c4\u17c7\u1799\u17be\u1784\u1785\u1784\u17cb\u179f\u17d2\u179c\u17c2\u1784\u179a\u1780 
\u200brecord \u178a\u17c2\u179b\u1798\u17b7\u1793\u1798\u17b6\u1793\u1780\u17d2\u1793\u17bb\u1784 database) \u17a0\u17be\u1799\u1787\u17b6\u1791\u17bc\u1791\u17c5\u1782\u17c1\u1798\u17b7\u1793 store \u1785\u17c6\u1793\u17bd\u1793\u17a2\u179c\u17b7\u1787\u17d2\u1787\u1798\u17b6\u1793\u1793\u17c4\u17c7\u1791\u17c1\u17d4<\/p>\n<p id=\"e436\" class=\"go gp dc bk gq b gr gs gt gu gv gw gx gy gz ha hb cu\" data-selectable-paragraph=\"\">\u1793\u17c5\u1780\u17d2\u1793\u17bb\u1784 SQL injection, UNION operator \u1782\u17ba\u1796\u17c1\u1789\u1793\u17b7\u1799\u1798\u1780\u17d2\u1793\u17bb\u1784\u1794\u17d2\u179a\u17be\u1794\u17d2\u179a\u17b6\u179f\u17cb\u1797\u17d2\u1787\u17b6\u1794\u17cb\u1787\u17b6\u1798\u17bd\u1799\u1793\u17b9\u1784 malicious SQL query (query \u1798\u17b7\u1793\u179b\u17d2\u17a2) \u1791\u17c5\u1780\u17b6\u1793\u17cb\u200b query \u178a\u17be\u1798\u200b \u1780\u17d2\u1793\u17bb\u1784\u1782\u17c4\u179b\u1794\u17c6\u178e\u1784\u17b2\u17d2\u1799\u179c\u17b6 run \u1785\u17bc\u179b web application \u17d4 \u179b\u1791\u17d2\u1792\u1795\u179b\u1793\u17c3 query (injected query)\u178a\u17c2\u179b\u1794\u17b6\u1793\u1785\u17b6\u1780\u17cb\u1794\u1789\u17d2\u1785\u17bc\u179b \u1793\u17b7\u1784\u1794\u1789\u17d2\u1785\u17bc\u179b\u1787\u17b6\u1798\u17bd\u1799\u179b\u1791\u17d2\u1792\u1795\u179b\u179a\u1794\u179f\u17cb query \u178a\u17be\u1798 (original query) \u17d4 \u1780\u17b6\u179a\u178e\u17cd\u1793\u17c1\u17c7\u1792\u17d2\u179c\u17be\u17b2\u17d2\u1799\u17a2\u17d2\u1793\u1780\u179c\u17b6\u1799\u1794\u17d2\u179a\u17a0\u17b6\u179a\u1791\u1791\u17bd\u179b\u1794\u17b6\u1793 column values \u1796\u17b8\u200b Table \u17d4<\/p>\n<blockquote class=\"ht hu hv\">\n<p id=\"4d7e\" class=\"go gp dc hd gq b gr gs gt gu gv gw gx gy gz ha hb cu\" data-selectable-paragraph=\"\"><strong class=\"gq hc\">GET\u00a0<\/strong><a class=\"at cg hn ho hp hq\" href=\"http:\/\/testphp.vulnweb.com\/artists.php?artist=-1\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><strong 
class=\"gq hc\">http:\/\/testphp.vulnweb.com\/artists.php?artist=-1<\/strong><\/a><strong class=\"gq hc\">\u00a0UNION SELECT 1, 2, 3 HTTP\/1.1 Host: testphp.vulnweb.com<\/strong><\/p>\n<\/blockquote>\n<figure class=\"fn fo fp fq fr fs cl cm paragraph-image\">\n<div class=\"ft fu fv fw ak\">\n<div class=\"cl cm ia\">\n<div class=\"gc r fv gd\">\n<div class=\"ib r\">\n<div class=\"fx fy cp t u fz ak eh ga gb\"><img loading=\"lazy\" decoding=\"async\" class=\"cp t u fz ak gf gg as qs\" src=\"https:\/\/miro.medium.com\/max\/60\/0*7j21GEizGA9tMFrD.png?q=20\" width=\"718\" height=\"603\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"li qq cp t u fz ak gi\" src=\"https:\/\/miro.medium.com\/max\/718\/0*7j21GEizGA9tMFrD.png\" width=\"718\" height=\"603\" \/><\/div>\n<\/div>\n<\/div>\n<\/div><figcaption class=\"bo eg gj gk gl cn cl cm gm gn bj ef\" data-selectable-paragraph=\"\">Union-base SQLi \u179c\u17c9\u17c1\u1794\u179f\u17b6\u1799\u1785\u17b6\u1794\u17cb\u1795\u17d2\u178f\u17be\u1798\u1780\u17c2\u1794\u17d2\u179a\u17c2 query (UNION operator)<\/figcaption><\/figure>\n<p id=\"1b98\" class=\"go gp dc bk gq b gr gs gt gu gv gw gx gy gz ha hb cu\" data-selectable-paragraph=\"\">\u17a7\u1791\u17b6\u17a0\u179a\u178e\u17cd\u1781\u17b6\u1784\u1780\u17d2\u179a\u17c4\u1798\u1794\u1784\u17d2\u17a0\u17b6\u1789\u1796\u17b8\u179a\u1794\u17c0\u1794\u178a\u17c2\u179b SQL injection payload \u178f\u17d2\u179a\u17bc\u179c\u1794\u17b6\u1793\u1794\u17d2\u179a\u17be\u1794\u17d2\u179a\u17b6\u179f\u17cb\u178a\u17be\u1798\u17d2\u1794\u17b8\u1791\u17b6\u1789\u1799\u1780\u1796\u17d0\u178f\u17cc\u1798\u17b6\u1793\u179f\u17c6\u1781\u17b6\u1793\u17cb\u17d7\u1785\u17c1\u1789\u1796\u17b8\u179c\u17c9\u17c1\u1794\u179f\u17b6\u1799\u178a\u17c2\u179b\u1784\u17b6\u1799\u179a\u1784\u1782\u17d2\u179a\u17c4\u17c7\u17d6<\/p>\n<blockquote class=\"ht hu hv\">\n<p id=\"993d\" class=\"go gp dc hd gq b gr gs gt gu gv gw gx gy gz ha hb cu\" data-selectable-paragraph=\"\"><strong class=\"gq 
hc\">GET\u00a0<\/strong><a class=\"at cg hn ho hp hq\" href=\"http:\/\/testphp.vulnweb.com\/artists.php?artist=-1\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><strong class=\"gq hc\">http:\/\/testphp.vulnweb.com\/artists.php?artist=-1<\/strong><\/a><strong class=\"gq hc\">\u00a0UNION SELECT 1,pass,cc FROM users WHERE uname=\u2019test\u2019 HTTP\/1.1 Host: testphp.vulnweb.com<\/strong><\/p>\n<\/blockquote>\n<figure class=\"fn fo fp fq fr fs cl cm paragraph-image\">\n<div class=\"ft fu fv fw ak\">\n<div class=\"cl cm ia\">\n<div class=\"gc r fv gd\">\n<div class=\"ib r\">\n<div class=\"fx fy cp t u fz ak eh ga gb\"><img loading=\"lazy\" decoding=\"async\" class=\"cp t u fz ak gf gg as qs\" src=\"https:\/\/miro.medium.com\/max\/60\/0*8rBeurvl6Wm17syE.png?q=20\" width=\"718\" height=\"603\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"li qq cp t u fz ak gi\" src=\"https:\/\/miro.medium.com\/max\/718\/0*8rBeurvl6Wm17syE.png\" width=\"718\" height=\"603\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"90dd\" class=\"go gp dc bk gq b gr gs gt gu gv gw gx gy gz ha hb cu\" data-selectable-paragraph=\"\"><strong class=\"gq hc\">\u17e7. 
\u179a\u1794\u17c0\u1794\u1780\u17d2\u1793\u17bb\u1784\u1780\u17b6\u179a\u1794\u1784\u17d2\u1780\u17b6\u179a\u1796\u17b8 SQL injection<\/strong><\/p>\n<figure class=\"fn fo fp fq fr fs cl cm paragraph-image\">\n<div class=\"ft fu fv fw ak\">\n<div class=\"cl cm ic\">\n<div class=\"gc r fv gd\">\n<div class=\"id r\">\n<div class=\"fx fy cp t u fz ak eh ga gb\"><img loading=\"lazy\" decoding=\"async\" class=\"cp t u fz ak gf gg as qs\" src=\"https:\/\/miro.medium.com\/max\/60\/0*hTxgDyHOP6ymtz77.jpg?q=20\" width=\"863\" height=\"315\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"li qq cp t u fz ak gi\" src=\"https:\/\/miro.medium.com\/max\/863\/0*hTxgDyHOP6ymtz77.jpg\" width=\"863\" height=\"315\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p id=\"b5a9\" class=\"go gp dc bk gq b gr gs gt gu gv gw gx gy gz ha hb cu\" data-selectable-paragraph=\"\">\u1798\u1792\u17d2\u1799\u17c4\u1794\u17b6\u1799\u178f\u17c2\u1798\u17bd\u1799\u1782\u178f\u17cb\u1780\u17d2\u1793\u17bb\u1784\u1780\u17b6\u179a\u1794\u1784\u17d2\u1780\u17b6\u179a\u1780\u17bb\u17c6\u17b2\u17d2\u1799\u1798\u17b6\u1793\u1780\u17b6\u179a\u179c\u17b6\u1799\u1794\u17d2\u179a\u17a0\u17b6\u179a\u1796\u17b8 SQL injection \u1793\u17c4\u17c7\u1782\u17ba input validation (\u179f\u17bb\u1796\u179b\u1797\u17b6\u1796\u1780\u17b6\u179a\u1794\u1789\u17d2\u1785\u17bc\u179b) \u1793\u17b7\u1784\u1780\u17b6\u179a\u179a\u17c0\u1794\u1785\u17c6 parameterized queries \u179a\u17bd\u1798\u1787\u17b6\u1798\u17bd\u1799\u1793\u17b9\u1784 statement \u178a\u17c2\u179b\u1793\u17b9\u1784\u178f\u17d2\u179a\u17bc\u179c\u179a\u17c0\u1794\u1785\u17c6\u17d4 Application code \u1798\u17b7\u1793\u1782\u17bd\u179a\u1794\u17d2\u179a\u17be\u1794\u17d2\u179a\u17b6\u179f\u17cb input \u1795\u17d2\u1791\u17b6\u179b\u17cb\u1787\u17b6\u1798\u17bd\u1799\u1793\u17b9\u1784 SQL query \u1793\u17c4\u17c7\u1791\u17c1\u17d4 \u17a2\u17d2\u1793\u1780 develop 
\u1791\u17b6\u17c6\u1784\u17a1\u17b6\u1799\u1782\u17bd\u179a\u178e\u17b6\u179f\u17cb\u178f\u17c2\u179a\u17c0\u1794\u1785\u17c6\u1782\u17d2\u179a\u1794\u17cb input form \u1791\u17b6\u17c6\u1784\u17a2\u179f\u17cb\u17b2\u17d2\u1799\u1798\u17b6\u1793\u179f\u178e\u17d2\u178f\u17b6\u1794\u17cb\u1792\u17d2\u1793\u17b6\u1794\u17cb \u178a\u17c4\u1799\u1798\u17b7\u1793\u1782\u17d2\u179a\u17b6\u1793\u17cb\u178f\u17c2 validate \u1791\u17c5\u179b\u17be login form \u178f\u17c2\u1798\u17bd\u1799\u1798\u17bb\u1781\u1782\u178f\u17cb\u1793\u17c4\u17c7\u17a1\u17be\u1799\u17d4 \u17a2\u17d2\u1793\u1780\u1782\u17bd\u179a\u178f\u17c2\u179b\u17bb\u1794\u1785\u17c4\u179b\u1793\u17bc\u179c\u179a\u17b6\u179b\u17cb code elements \u1791\u17b6\u17c6\u1784\u17a1\u17b6\u1799\u178e\u17b6\u178a\u17c2\u179b\u17a2\u17b6\u1785\u1794\u1784\u17d2\u1780\u17b2\u17d2\u1799\u1798\u17b6\u1793\u1785\u1793\u17d2\u179b\u17c4\u17c7\u1794\u17d2\u179a\u17a0\u17c4\u1784\u178a\u17bc\u1785\u1787\u17b6 single quote \u1787\u17b6\u178a\u17be\u1798\u17d4\u179b\u17d4 \u179c\u17b6\u1780\u17cf\u1787\u17b6\u1787\u1798\u17d2\u179a\u17be\u179f\u179b\u17d2\u17a2\u1798\u17bd\u1799\u1795\u1784\u178a\u17c2\u179a \u1794\u17d2\u179a\u179f\u17b7\u1793\u178e\u17b6\u1794\u17be\u1799\u17be\u1784\u1794\u17b7\u1791\u1798\u17b7\u1793\u17b2\u17d2\u1799\u1782\u17c1\u1798\u17be\u179b\u1783\u17be\u1789 database error \u1793\u17c5\u179b\u17be production site \u1796\u17d2\u179a\u17c4\u17c7\u1790\u17b6 Database error \u17a2\u17b6\u1785\u1793\u17b9\u1784\u178f\u17d2\u179a\u17bc\u179c\u1794\u17b6\u1793\u1794\u17d2\u179a\u17be\u1794\u17d2\u179a\u17b6\u179f\u17cb\u1787\u17b6\u1798\u17bd\u1799 SQL injection \u178a\u17be\u1798\u17d2\u1794\u17b8\u1791\u17b6\u1789\u1799\u1780\u1791\u17b7\u1793\u17d2\u1793\u1793\u17d0\u1799\u1785\u17c1\u1789\u1796\u17b8\u200b Database server \u179a\u1794\u179f\u17cb\u1799\u17be\u1784\u17d4<\/p>\n<p id=\"7caa\" class=\"go gp dc bk gq b gr gs gt gu gv gw gx gy gz ha hb cu\" 
data-selectable-paragraph=\"\">\u1794\u17d2\u179a\u179f\u17b7\u1793\u1794\u17be\u1799\u17be\u1784\u179a\u1780\u1783\u17be\u1789\u1785\u1793\u17d2\u179b\u17c4\u17c7\u1794\u17d2\u179a\u17a0\u17c4\u1784 SQL injection \u178a\u17c4\u1799\u1794\u17d2\u179a\u17be\u1794\u17d2\u179a\u17b6\u179f\u17cb tool scan \u178e\u17b6\u1798\u17bd\u1799 \u1793\u17c4\u17c7\u179b\u17c4\u1780\u17a2\u17d2\u1793\u1780\u1798\u17bb\u1781\u1787\u17b6\u1798\u17b7\u1793\u17a2\u17b6\u1785\u1787\u17bd\u179f\u1787\u17bb\u179b\u179c\u17b6\u1794\u17b6\u1793\u1797\u17d2\u179b\u17b6\u1798\u17d7\u1793\u17c4\u17c7\u1791\u17c1\u17d4 \u17a7\u1791\u17b6\u17a0\u179a\u178e\u17cd \u179c\u17b6\u17a2\u17b6\u1785\u1793\u17b9\u1784\u1794\u17be\u1780\u1785\u17c6\u17a0\u179a\u1793\u17bc\u179c source codes \u179a\u1794\u179f\u17cb\u1799\u17be\u1784\u17d4 \u1780\u17d2\u1793\u17bb\u1784\u1780\u179a\u178e\u17b8\u1793\u17c1\u17c7 \u179b\u17c4\u1780\u17a2\u17d2\u1793\u1780\u17a2\u17b6\u1785\u1794\u17d2\u179a\u17be\u1794\u17d2\u179a\u17b6\u179f\u17cb web application firewall \u1780\u17d2\u1793\u17bb\u1784\u1780\u17b6\u179a validate input \u1787\u17b6\u1794\u178e\u17d2\u178f\u17c4\u17c7\u17a2\u17b6\u179f\u1793\u17d2\u1793\u1787\u17b6\u1798\u17bb\u1793\u179f\u17b7\u1793\u17d4<\/p>\n<p id=\"7a3c\" class=\"go gp dc bk gq b gr gs gt gu gv gw gx gy gz ha hb cu\" data-selectable-paragraph=\"\">\u178a\u17be\u1798\u17d2\u1794\u17b8\u179a\u17c0\u1793\u1796\u17b8\u1780\u17b6\u179a\u1794\u1784\u17d2\u1780\u17b6\u179a SQL injection \u1793\u17c5\u179b\u17be PHP \u179f\u17bc\u1798\u1798\u17be\u179b\u179b\u1798\u17d2\u17a2\u17b7\u178f\u17d6\u00a0<a class=\"at cg hn ho hp hq\" href=\"https:\/\/www.acunetix.com\/blog\/articles\/prevent-sql-injection-vulnerabilities-in-php-applications\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Preventing SQL Injection Vulnerabilities in PHP Applications and Fixing Them<\/a>\u17d4 
\u1785\u1784\u17cb\u178a\u17b9\u1784\u1794\u1793\u17d2\u1790\u17c2\u1798\u1796\u17b8\u179a\u1794\u17c0\u1794\u1792\u17d2\u179c\u17be\u1793\u17c5\u179b\u17be\u1797\u17b6\u179f\u17b6\u178a\u1791\u17c3\u1795\u17d2\u179f\u17c1\u1784\u1791\u17c0\u178f \u17a2\u17b6\u1785\u1798\u17be\u179b\u1794\u17b6\u1793\u178f\u17b6\u1798\u00a0<a class=\"at cg hn ho hp hq\" href=\"http:\/\/bobby-tables.com\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Bobby Tables guide to preventing SQL Injection<\/a>\u17d4 \u179f\u17bc\u1798\u17a2\u179a\u1782\u17bb\u178e \ud83d\ude42<\/p>\n<p id=\"f016\" class=\"go gp dc bk gq b gr gs gt gu gv gw gx gy gz ha hb cu\" data-selectable-paragraph=\"\">\u17af\u1780\u179f\u17b6\u179a\u1799\u17c4\u1784\u17d6\u00a0<a class=\"at cg hn ho hp hq\" href=\"https:\/\/www.acunetix.com\/websitesecurity\/sql-injection\/?fbclid=IwAR172xDffxu9NeAkl9eFpFfQo_x_mUZcVPno-eqz9X0tke1oD4eVS5gTdSQ\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">https:\/\/www.acunetix.com\/websitesecurity\/sql-injection\/?fbclid=IwAR172xDffxu9NeAkl9eFpFfQo_x_mUZcVPno-eqz9X0tke1oD4eVS5gTdSQ<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u17e1. 
\u1793\u17b7\u1799\u1798\u1793\u17d0\u1799 SQL injection \u1787\u17b6\u1794\u17d2\u179a\u1797\u17c1\u1791 injection attack&hellip;<\/p>\n","protected":false},"author":1,"featured_media":3244,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[423,360,450,84],"tags":[484],"class_list":["post-3243","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-javascript","category-jquery","category-mysql","category-tipstricks","tag-sql-injection"],"_links":{"self":[{"href":"https:\/\/isophal.com\/news\/wp-json\/wp\/v2\/posts\/3243","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/isophal.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/isophal.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/isophal.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/isophal.com\/news\/wp-json\/wp\/v2\/comments?post=3243"}],"version-history":[{"count":1,"href":"https:\/\/isophal.com\/news\/wp-json\/wp\/v2\/posts\/3243\/revisions"}],"predecessor-version":[{"id":3245,"href":"https:\/\/isophal.com\/news\/wp-json\/wp\/v2\/posts\/3243\/revisions\/3245"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/isophal.com\/news\/wp-json\/wp\/v2\/media\/3244"}],"wp:attachment":[{"href":"https:\/\/isophal.com\/news\/wp-json\/wp\/v2\/media?parent=3243"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/isophal.com\/news\/wp-json\/wp\/v2\/categories?post=3243"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/isophal.com\/news\/wp-json\/wp\/v2\/tags?post=3243"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}