SQL resisting injection technology using regular expression

A technique that applies regular expressions to anti-SQL-injection checking. It addresses problems such as limited scalability and achieves the effect of avoiding stack overflow.

Inactive Publication Date: 2009-09-09
山东中创软件商用中间件股份有限公司

AI Technical Summary

Problems solved by technology

This method of string search is powerless for complex application scenarios, and its scalability is very limited. Application scenarios are becoming more and more complex, and there are more and more rules for attacking the database, so the keyword-search method should be retired and replaced by a more powerful mechanism.



Examples


Embodiment Construction

[0033] Embodiments of the present invention will be described in detail below.

[0034] The anti-SQL-injection technique uses regular expressions: it first performs process initialization and then performs verification.

[0035] The initialization process is shown in Figure 1. It begins at step 101, where the process starts.

[0036] Then enter step 102, read the configuration. For flexibility, some system parameters are specified manually through configuration. Because the configuration information affects how the system runs, reading it is the first action executed after the process starts.

[0037] Then go to step 103, read the rule base. The rule information is written in a configuration file so that the program is easy to extend and maintain. The purpose of this step is to read the content of the rule base into memory.

[0038] Then enter step 104 to initialize rule objects. In order to improve...
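
Initialization steps 102 to 104 followed by regular-expression verification, sketched as an added example (not code from the patent or from InforGuard). The configuration keys, rule format, rule patterns, keyword list and sample statements are all constructed assumptions; `keyword_search` stands in for the keyword-search scheme the page says this mechanism replaces.

```python
import json
import re

# Constructed inputs: the patent does not publish its configuration or rule-base format.
CONFIG_TEXT = '{"ignore_case": true, "max_statement_length": 4096}'
RULE_BASE_TEXT = r"""[
  {"id": "tautology", "pattern": "\\bor\\b\\s+('?)(\\w+)\\1\\s*=\\s*\\1\\2\\1"},
  {"id": "stacked-statement", "pattern": ";\\s*(drop|delete|update|insert|alter)\\b"},
  {"id": "union-select", "pattern": "\\bunion\\b(\\s+all)?\\s+select\\b"}
]"""

def initialize(config_text, rule_base_text):
    """Steps 102-104: read configuration, read the rule base, build rule objects."""
    config = json.loads(config_text)          # step 102: manually configured parameters
    raw_rules = json.loads(rule_base_text)    # step 103: rule base read into memory
    flags = re.IGNORECASE if config.get("ignore_case") else 0
    # Step 104 (assumption): a rule object is modelled as an id plus a compiled pattern.
    rules = [(rule["id"], re.compile(rule["pattern"], flags)) for rule in raw_rules]
    return config, rules

def verify(statement, config, rules):
    """Return the ids of all rules the statement violates; an empty list means accepted."""
    if len(statement) > config["max_statement_length"]:
        return ["statement-too-long"]
    return [rule_id for rule_id, regex in rules if regex.search(statement)]

def keyword_search(statement, keywords=("union", "drop", "or")):
    """The older scheme: plain substring containment against a keyword list."""
    lowered = statement.lower()
    return [word for word in keywords if word in lowered]

# Constructed sample statements.
SAMPLES = {
    "benign": "SELECT note FROM orders WHERE note = 'dropbox order for the union hall'",
    "tautology": "SELECT * FROM users WHERE name = '' OR '1'='1'",
    "stacked": "SELECT * FROM items WHERE id = 1; DROP TABLE items",
    "union": "SELECT id FROM items WHERE id = 1 UNION\n  ALL  SELECT name FROM users",
}

if __name__ == "__main__":
    config, rules = initialize(CONFIG_TEXT, RULE_BASE_TEXT)
    for name, sql in SAMPLES.items():
        print(f"{name:10} regex={verify(sql, config, rules)} keyword={keyword_search(sql)}")
```

The benign sample matches all three keywords under substring search yet violates no regex rule.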


Abstract

The invention relates to an anti-SQL-injection technique using regular expressions, namely a mechanism by which InforGuard performs rule verification on SQL statements that operate on a website database. First the process is initialized, then verification is performed; the verification process uses the regular-expression mechanism. The invention overcomes the simple functionality and poor extensibility of the current verification mechanism, and offers good extensibility, a stable and efficient verification algorithm, and strong compatibility.

Description

Technical field

[0001] The invention relates to a technique for preventing SQL injection by using regular expressions, that is, a mechanism by which InforGuard verifies SQL statements that operate on website databases against rules.

Background technique

[0002] In network applications based on web servers or application servers (hereinafter referred to as servers), it is necessary to protect the database deployed on the server. legality.

[0003] At present, the scheme adopted in this field is keyword search.

[0004] This method checks whether any defined illegal keyword appears in the request statement. Generally speaking, it judges whether one string contains another string. This method of string search is powerless for complex application scenarios, and its scalability is also very limited; application scenarios are now becoming more and more complex, and there are more and more rules for attacking the database; so the key The way of word se...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F17/30
Inventor: 刘江宁黄三伟刘宗福刘春王进石磊刘毅枫
Owner: 山东中创软件商用中间件股份有限公司