C ++以编程方式将字符串编码为字符串文字
[英]C++ Encode string to string literals programmatically
问题描述
I'm trying to persist text that is input from some user into a db, how would I encode these values? 
我试图将某些用户输入的文本保留到db中,如何编码这些值? I'm a n00b in C/C++ and am having trouble with my google fu skills.. 我是C / C ++的n00b,并且我的Google FU技能遇到了麻烦。
I'm using libpqxx and trying to do something like 我正在使用libpqxx并尝试做类似的事情
std::string sql = "insert into chat values (nextval('chat_seq'), '" + userInput + "');";
work.exec(sql);
but when userInput is something like 但是当userInput是像
I'm doing just fine
My insertion will fail. 我的插入将失败。 Thanks for your help. 谢谢你的帮助。
1 个解决方案
解决方案1
0 已采纳 2014-08-13 20:57:32
As mentioned in the comments, look up SQL injection, there is a ton of resource on it. 如注释中所述,查找SQL注入,上面有大量资源。
https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet http://www.veracode.com/security/sql-injection https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet http://www.veracode.com/security/sql-injection
A good start would be to identify the characters that cause injection and escape them or remove/replace the characters. 一个好的开始是识别导致注入的字符并使其逃逸或删除/替换这些字符。
make sure userInput is a string and you have access to all the useful std string bits to do string maniupulation such as substr, replacement etc. 确保userInput是一个字符串,并且您可以访问所有有用的std字符串位来进行字符串操作,例如substr,replace等。
see: http://www.cplusplus.com/reference/string/string/ 参见: http : //www.cplusplus.com/reference/string/string/
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.