lostecho/build-web-application-with-golang
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix code typo

Browse Source
This commit is contained in:
元炜
2017-02-20 14:10:24 +08:00
parent 349b1fdc97
commit b99eff3c90
5 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
de/09.4.md
View File

@@ -32,7 +32,7 @@ If the user inputs a user name or password as:
Then our SQL becomes the following:
SELECT * FROM user WHERE username='myuser' or 'foo'=='foo' --'' AND password='xxx'
SELECT * FROM user WHERE username='myuser' or 'foo' = 'foo' --'' AND password='xxx'
In SQL, anything after `--` is a comment. Thus, inserting the `--` as the attacker did above alters the query in a fatal way, allowing an attacker to successfully login as a user without a valid password.

2
en/09.4.md
View File

@@ -32,7 +32,7 @@ If the user inputs a user name or password as:
Then our SQL becomes the following:
SELECT * FROM user WHERE username='myuser' or 'foo'=='foo' --'' AND password='xxx'
SELECT * FROM user WHERE username='myuser' or 'foo' = 'foo' --'' AND password='xxx'
In SQL, anything after `--` is a comment. Thus, inserting the `--` as the attacker did above alters the query in a fatal way, allowing an attacker to successfully login as a user without a valid password.

2
ja/09.4.md
View File

@@ -28,7 +28,7 @@ SQLインジェクションが発生する原因はプログラムがユーザ
我々のSQLは以下のようになります
SELECT * FROM user WHERE username='myuser' or 'foo'=='foo' --'' AND password='xxx'
SELECT * FROM user WHERE username='myuser' or 'foo' = 'foo' --'' AND password='xxx'
SQLでは`--`はコメントを表します。そのため、検索クエリは途中で中断されます。攻撃者は合法的なユーザ名とパスワードを知らなくてもログインに成功します。

2
pt-br/09.4.md
View File

@@ -32,7 +32,7 @@ If the user inputs a user name or password as:
Then our SQL becomes the following:
SELECT * FROM user WHERE username='myuser' or 'foo'=='foo' --'' AND password='xxx'
SELECT * FROM user WHERE username='myuser' or 'foo' = 'foo' --'' AND password='xxx'
In SQL, anything after `--` is a comment. Thus, inserting the `--` as the attacker did above alters the query in a fatal way, allowing an attacker to successfully login as a user without a valid password.

2
zh/09.4.md
View File

@@ -35,7 +35,7 @@ SQL注入攻击SQL Injection简称注入攻击是Web开发中最常
那么我们的SQL变成了如下所示
```Go
SELECT * FROM user WHERE username='myuser' or 'foo'=='foo' --'' AND password='xxx'
SELECT * FROM user WHERE username='myuser' or 'foo' = 'foo' --'' AND password='xxx'
```
在SQL里面`--`是注释标记,所以查询语句会在此中断。这就让攻击者在不知道任何合法用户名和密码的情况下成功登录了。