Method and device for constructing SQL statement
A statement and construction technology, applied in the field of constructing structured query language statements, can solve problems such as security risks
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
Method used
Image
Examples
Embodiment 1
[0109] Embodiment 1: Construct query and / or delete type SQL statement
[0110] a. Obtain information for constructing the SQL statement, and find out all variables from the information for constructing the SQL statement. Here, the information used to construct the SQL statement is information for query and / or delete type SQL statements.
[0111] b. Add single quotation marks to all the information used to construct the SQL statement except the variables; thus ensuring that this part of the content cannot be constructed using variables.
[0112] c. Perform filtering operations on all the variables, specifically including:
[0113] c1. Find the variables belonging to the first category from all the variables, that is, find out the field name variable and the table name variable, and judge whether the field name variable and the table name variable are within the predetermined range value, if so The first type of variable passes the filter operation, otherwise it will give an e...
Embodiment 2
[0153] Embodiment 2: Constructing an insert-type SQL statement
[0154] a. Obtain information for constructing the SQL statement, and find out all variables from the information for constructing the SQL statement. Here, the information for constructing the SQL statement is information for an insert-type SQL statement.
[0155] b. Add single quotation marks to all the information used to construct the SQL statement except the variables; thus ensuring that this part of the content cannot be constructed using variables.
[0156] c. Perform filtering operations on all the variables, specifically including:
[0157] c1. Find the variables belonging to the first category from all the variables, that is, find out the field name variable and the table name variable, and judge whether the field name variable and the table name variable are within the predetermined range value, if so The first type of variable passes the filter operation, otherwise it will give an error message or ret...
Embodiment 3
[0191] Embodiment 3: Constructing an update-type SQL statement
[0192] a. Obtain information for constructing the SQL statement, and find out all variables from the information for constructing the SQL statement. Here, the information for constructing the SQL statement is information for an update-type SQL statement.
[0193] b. Add single quotation marks to all the information used to construct the SQL statement except the variables; thus ensuring that this part of the content cannot be constructed using variables.
[0194] c. Perform filtering operations on all the variables, specifically including:
[0195] c1. Find the variables belonging to the first category from all the variables, that is, find out the field name variable and the table name variable, and judge whether the field name variable and the table name variable are within the predetermined range value, if so The first type of variable passes the filter operation, otherwise it will give an error message or ret...
PUM
Abstract
Description
Claims
Application Information
- R&D Engineer
- R&D Manager
- IP Professional
- Industry Leading Data Capabilities
- Powerful AI technology
- Patent DNA Extraction
Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.
© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap