我正在使用ActiveRecord::Base.sanitize方法来避免 SQL注入攻击。
我的问题是,无论我在哪里清理用户输入,都会返回输出,并在字符串开头的单引号之前和字符串末尾的单引号之后添加额外的双引号。
示例:
ActiveRecord::Base.sanitize("Test")
=> "'Test'"
我原以为它会返回"Test"或'Test'。为什么它会返回"'Test'" ??
谢谢, Sanjay Salunkhe
答案 0 :(得分:2)
sanitize按预期工作。这里的问题是Rails控制台:
ActiveRecord::Base.sanitize("Test")
=> "'Test'"
puts ActiveRecord::Base.sanitize("Test")
'Test'
=> nil
控制台会自动用额外的""。
包装结果答案 1 :(得分:0)
ActiveRecord::Base.sanitize已弃用,内部调用quote方法:
sanitize感谢@ jeffdill2的评论
input <- NULL
while (input != "X" | input != "x" | !is.null(input)){
input <- readline("Please enter the full path for your files, if you want to exit, enter 'X': ")
# Set default directory to the address provided by user
setwd(input)
if(input == 'X' | input == 'x'){
cat("\nYou Chose to exit, Bye!\n")
exit -1
}
}
FilesListCSV <- list.files(pattern="*.csv", ignore.case=TRUE)
FilesListXLSX <- list.files(pattern="*.xlsx", ignore.case=TRUE)
FilesListTXT <- list.files(pattern="*.txt", ignore.case=TRUE)
cat("There are ", length(FilesListCSV), " CSV file(s), ", length(FilesListXLSX),
" Excel File(s), and ", length(FilesListTXT), " Text File(s) in the folder.\n"
while (opt != "1" | opt != "2" | opt != "3" | !is.null(opt)){
cat("\nPlease choose extention to read files [1. for CSV, 2. for XLSX, 3. for TXT files.\n")
opt <- readline("Enter Your Option : ")
# Example code for reading csv files
if (opt == "1") {
library(dplyr)
library(readr)
read_file <- list.files(pattern = "*.csv") %>%
lapply(read.csv, stringsAsFactors=F) %>%
bind_rows
}
}
方法的目的是添加额外的单引号,如果有的话会破坏注入的SQL语句。