题 目:SQL 注入攻击与防御技术 摘 要自 20 世纪 90 年代末起,互联网技术得到快速发展,web 应用程序越来越多带给人们极大的便利,但与此同时针对 web 应用的攻击也越来越多。SQL 注入攻击就是其中一种最常见的,而且 SQL 注入具有隐蔽性大,危害性高、易于实施等特点。目前对于这种攻击技术的研究比较混乱,本文对 SQL 注入技术进行了深入的归纳整理总结研究,系统性详细阐述了 SQL 注入攻击技术的产生背景、攻击原理、攻击手段和防御手段等相关知识。最后本文提出 SQL 注入防范模型,在理论能有效防止 SQL 注入攻击。该防御系统具有一定的应用价值。关键字:SQL 注入攻击 SQL 注入防御ABSTRACTSince the end of the 1990s, Internet technology has developed rapidly, and more and more web applications have brought great convenience to people, but at the same time, more and more attacks on Web applications have been made. SQL injection is one of the most common attacks, and SQL injection is characterized by high invisibility, high hazard and easy implementation. At present, the research on this kind of attack technology is rather chaotic. This paper makes a thorough summary and Research on SQL injection technology, and systematically expounds the background, attack principle, attack means and defense means of SQL injection attack technology. Finally, this paper proposes a SQL injection prevention model, which can effectively prevent SQL injection attacks. The defense system has a certain value of application.Keyword: SQL injection attack SQL injection defense目录.......................................4..............................4..............................5................................6...............6...........6....................................7............................8........................8.................................8.....................8......................9...........................10....................10................11......