{"id":505,"date":"2022-08-06T22:53:54","date_gmt":"2022-08-06T22:53:54","guid":{"rendered":"https:\/\/securitybriefing.net\/?p=505"},"modified":"2022-08-06T22:53:54","modified_gmt":"2022-08-06T22:53:54","slug":"sql-%ec%9d%b8%ec%a0%9d%ec%85%98-101-sqli-%eb%9e%80-%eb%ac%b4%ec%97%87%ec%9d%b4%eb%a9%b0-%ea%b3%b5%ea%b2%a9%ec%9d%84-%eb%b0%a9%ec%a7%80%ed%95%98%eb%8a%94-%eb%b0%a9%eb%b2%95","status":"publish","type":"post","link":"https:\/\/securitybriefing.net\/ko\/%eb%b3%b4%ec%95%88\/sql-%ec%9d%b8%ec%a0%9d%ec%85%98-101-sqli-%eb%9e%80-%eb%ac%b4%ec%97%87%ec%9d%b4%eb%a9%b0-%ea%b3%b5%ea%b2%a9%ec%9d%84-%eb%b0%a9%ec%a7%80%ed%95%98%eb%8a%94-%eb%b0%a9%eb%b2%95\/","title":{"rendered":"SQL Injection 101: What is SQLi and How to Prevent Attacks"},"content":{"rendered":"<h2 class=\"wp-block-heading\" id=\"what-is-sql-injection\"><strong>What is SQL injection<\/strong><\/h2>\n\n\n<p>SQL injection (SQLi) is a type of attack that lets a criminal execute malicious SQL statements against a vulnerable web application. By bypassing the application's security measures, the attacker can reach sensitive data such as customer information, personal data and trade secrets. 
Here we discuss SQL injection, how it works, and how to prevent attacks.<\/p>\n\n\n\n<p>An SQL injection attack can occur on any website that uses an SQL database. This type of attack gives the attacker access to critical data: consumer information, personal data, trade secrets and intellectual property. According to OWASP, it is one of the most serious types of attack against web applications.<\/p>\n\n\n<h2 class=\"wp-block-heading\" id=\"types-of-sql-injection\"><strong>Types of SQL injection<\/strong><\/h2>\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"542\" class=\"wp-image-515\" src=\"http:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/types-of-SQL-Injectin-2.png\" alt=\"Types of SQL injection\" srcset=\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/types-of-SQL-Injectin-2.png 1024w, https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/types-of-SQL-Injectin-2-300x159.png 300w, https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/types-of-SQL-Injectin-2-768x407.png 768w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n<h3 class=\"wp-block-heading\" id=\"inband-sqli\"><strong>In-band SQLi<\/strong><\/h3>\n\n\n<p>In-band SQL injection is an attack in which the attacker uses the same channel to send queries and receive their results. In-band means that the response is obtained over the same communications medium. When carrying out the attack manually with a web browser, the attacker's goal is to see the response in the browser immediately.<\/p>\n\n\n\n<p><strong>Example of in-band SQL injection<\/strong><\/p>\n\n\n\n<p>The most common way for an attacker to perform an in-band SQL injection is to alter the request so that they can see the personal information of the current user. This is done by changing a value sent as part of the request. For example, if the statement was supposed to display the user's name, the attacker could change it so that their name is displayed instead.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted has-vivid-green-cyan-color has-black-background-color has-text-color has-background\">SELECT * FROM \uc0ac\uc6a9\uc790 WHERE \uc0ac\uc6a9\uc790_\uc544\uc774\ub514 LIKE '\ud604\uc7ac_\uc0ac\uc6a9\uc790'<\/pre>\n\n\n\n<p>Error-based SQLi and union-based SQLi are the two most frequent forms of in-band SQL injection.<\/p>\n\n\n<h4 class=\"wp-block-heading\" id=\"errorbased-sqli\"><strong>Error-based SQLi<\/strong><\/h4>\n\n\n<p>Error-based SQLi is an in-band SQL injection technique that takes advantage of the database server's error messages to discover the database's structure. 
Error-based SQL injection is the most common type of in-band SQL injection.<\/p>\n\n\n\n<p><strong>Example of error-based SQLi:<\/strong><\/p>\n\n\n\n<p>Suppose an attacker attempts to log in with the following credentials:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted has-vivid-green-cyan-color has-black-background-color has-text-color has-background\">Username: ' OR 'a'='a\nPassword: anything<\/pre>\n\n\n\n<p>The database returns an error because the resulting statement is syntactically incorrect. The error message reveals information about the database that the attacker can take advantage of.<\/p>\n\n\n<h4 class=\"wp-block-heading\" id=\"unionbased-sqli\"><strong>Union-based SQLi:<\/strong><\/h4>\n\n\n<p>Union-based SQLi is an in-band SQL injection technique that uses the UNION operator to combine the output of two or more SELECT statements in order to obtain information from the website.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"blind-sql-injection\"><strong>Blind SQL injection<\/strong><\/h3>\n\n\n<p>Blind SQL injection is an attack in which the attacker tries to get answers from the database by asking questions that produce a true or false response. 
The attacker uses error messages to check whether the application responds differently when a particular piece of code is used.<\/p>\n\n\n\n<p>When a hacker uses SQL injection, the web application may display an important database warning message saying that the SQL query syntax is incorrect. Blind SQL injection works the same way as traditional SQL injection, but the way data is obtained from the database differs. When the database does not give the attacker enough information to exploit directly, the attacker has to ask a series of questions to get at the data.<\/p>\n\n\n\n<p>Blind SQL injection is divided into boolean-based blind SQLi and time-based blind SQLi.<\/p>\n\n\n<h4 class=\"wp-block-heading\" id=\"booleanbased-blind-sqli\"><strong>Boolean-based blind SQLi<\/strong><\/h4>\n\n\n<p>Boolean-based blind SQL injection is an attack in which the attacker tries to get answers from the database by asking questions that produce a true or false response. 
The attacker uses error messages to check whether the application responds differently when a particular piece of code is used.<\/p>\n\n\n\n<p>Example of boolean-based blind SQLi:<\/p>\n\n\n\n<p>If the attacker wants to find out the database type, they would use the following statement:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted has-vivid-green-cyan-color has-black-background-color has-text-color has-background\">SELECT * FROM \uc0ac\uc6a9\uc790 WHERE \uc0ac\uc6a9\uc790_\uc544\uc774\ub514 LIKE '\ud604\uc7ac_\uc0ac\uc6a9\uc790' AND \ub370\uc774\ud130\ubca0\uc774\uc2a4() LIKE '%\uc720\ud615%'<\/pre>\n\n\n\n<p>If the database is MySQL, the output would look similar to the following:<\/p>\n\n\n\n<p>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'and database() like '%type%'' at line<\/p>\n\n\n<h4 class=\"wp-block-heading\" id=\"timebased-blind-sql-injection\"><strong>Time-based blind SQL injection<\/strong><\/h4>\n\n\n<p>A time-based blind attack occurs when an SQL command is sent to the server together with code that makes the query execute more slowly.<\/p>\n\n\n\n<p>Time-based blind attacks allow attackers to extract data based on response time. Such an attack is known as a blind or inferential injection attack. 
In this type of attack no data flows directly from the database back to the attacker; because there is no visible response, it is also known as a blind injection attack.<\/p>\n\n\n\n<p>The response time indicates whether the answer is correct. If the response is negative, the intruder makes another request. This attack technique is slow because the hacker has to work through each character individually, which matters especially when attacking a large database.<\/p>\n\n\n\n<p><strong>Example of blind SQLi<\/strong><\/p>\n\n\n\n<p>In this example the attacker wants to check whether a user with id=999 exists in the database. To do this, they use the following statement:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted has-vivid-green-cyan-color has-black-background-color has-text-color has-background\">IF(SUBSTRING((SELECT \ube44\ubc00\ubc88\ud638 FROM \uc0ac\uc6a9\uc790 WHERE \uc0ac\uc6a9\uc790_\uc544\uc774\ub514=999),0, LEN('\ube44\ubc00'))='\ube44\ubc00', SLEEP(30), '\uac70\uc9d3')<\/pre>\n\n\n\n<p>If a user with id 999 exists in the database and the password is secret, the application will wait for 30 seconds. 
If the user does not exist in the database, the application returns false.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"outofband-sqli\"><strong>Out-of-band SQLi<\/strong><\/h3>\n\n\n<p>Someone trying to steal data can send SQL code to the database server in a way that is not part of the normal communication between the server and another computer. This can be done by making the server send information out through DNS or HTTP requests.<\/p>\n\n\n\n<p>The app's response is not affected by whether any data is returned, whether there is a problem with the database, or how long the query takes to execute. Out-of-band techniques can be used to trigger network interactions at will. Depending on an injected condition, these may be triggered conditionally to learn information one bit at a time.<\/p>\n\n\n\n<p>Data can also leak through several networking protocols from these network interactions. The visual represents the request sent from the web application to the app's database.<\/p>\n\n\n\n<p><strong>Example of out-of-band SQLi<\/strong><\/p>\n\n\n\n<p>In this example the attacker wants to check whether a particular user exists in the database. 
To do this, they use the following statement:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted has-vivid-green-cyan-color has-black-background-color has-text-color has-background\">SELECT user_id FROM users WHERE username='$username' AND password='$password' LIMIT 0,0 UNION SELECT NULL,'' INTO OUTFILE '\/var\/opt\/databases\/$filename.php'; --<\/pre>\n\n\n\n<p>If the user exists in the database, the application returns the user ID. If the user does not exist in the database, the application creates a file containing PHP code that can run system commands. The attacker can use this file to execute commands on the server.<\/p>\n\n\n<h2 class=\"wp-block-heading\" id=\"how-to-prevent-an-sql-injection\"><strong>How to prevent an SQL injection<\/strong><\/h2>\n\n\n<p>The best way to protect against SQL injection attacks is to use input validation, prepared statements and parametrized queries. The code should never make direct use of the user's input. Developers must sanitize all input, not just web form inputs such as login forms. Single quotes should be eliminated from any questionable code components. It is also a good idea to hide database errors on live sites to avoid inadvertently revealing them, since SQL injection may expose information about the database system that attackers can use to their advantage.<\/p>\n\n\n\n<p>If you find a problem with your website, take it offline immediately and contact your hosting provider. 
They can help you determine whether your site has been compromised and what steps you need to take to fix the problem. In the meantime, make sure that all of your website's users know about the problem and change their passwords as soon as possible.<\/p>\n\n\n<h2 class=\"wp-block-heading\" id=\"prevention-tips-for-avoiding-sql-injections\"><strong>Prevention tips for avoiding SQL injections<\/strong><\/h2>\n\n\n<p>There are several ways to avoid SQL injection vulnerabilities in your programming language and database configuration. These techniques can be used with most databases, such as XML. Using them will make your database more secure.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"1-use-of-properly-constructed-stored-procedures\">1) Use of properly constructed stored procedures<\/h3>\n\n\n<p>Beginners should start by learning how to build statements with variables. This is easier to do and easier to understand than building dynamic queries. A parametrized query is one in which the developer writes all of the SQL code first and supplies each parameter later. 
This approach lets the database distinguish between code and data.<\/p>\n\n\n\n<p>Prepared statements help ensure that a query's intent cannot be changed, even if someone tries to supply SQL instructions as input.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"2-allowlist-input-validation\">2) Allowlist input validation<\/h3>\n\n\n<p>SQL queries use bind variables in specific places for data. For example, if you're using Python, you would use the <strong>%s<\/strong> placeholder. You can use regular expressions to validate user input against an allowlist of the characters permitted for each bind variable.<\/p>\n\n\n\n<p>If you're using JavaScript, you can use <strong>\\w<\/strong> to match alphabetic and underscore characters.<\/p>\n\n\n\n<p>The allowlist should be as specific as possible to avoid false positives.<\/p>\n\n\n\n<p>For example, if you're looking for a US phone number, you would use the following regular expression:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted has-vivid-green-cyan-color has-black-background-color has-text-color has-background\">\/^\\d{11}$\/<\/pre>\n\n\n\n<p>This would match a string of 11 digits that could be a phone number. If someone tried to submit something like '<strong>abcdef<\/strong>', it would not match, and the input would be rejected as invalid.<\/p>\n\n\n\n<p>This will help make sure your data is safe and sound. 
If you need to use values from code instead of user parameters, that's fine too.<\/p>\n\n\n\n<p>However, if a user parameter value is meant to select a particular table or column name, the parameter value must be mapped to that table or column name so that unvalidated user input never enters the query.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"3-use-whitelists\">3) Use whitelists<\/h3>\n\n\n<p>Do not filter user input based on a blacklist of bad characters. It is far more effective to use an allowlist of the good characters expected in a particular field. This lets you stop an SQL injection attack before it starts.<\/p>\n\n\n\n<p>For example, if you expect a phone number, allow only digits and dashes in the input field. If you expect an email address, allow only characters that are valid in an email address.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"4-use-the-most-uptodate-platforms\">4) Use the most up-to-date platforms<\/h3>\n\n\n<p>Older web development platforms such as PHP lack SQLi protection. 
Use the latest versions of the programming environments, languages and related technologies available. In this example, use PDO instead of plain PHP.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"5-scan-your-web-application-regularly\">5) Scan your web application regularly<\/h3>\n\n\n<p>SQL injection can be very hard to detect. It is important to scan your web application for vulnerabilities regularly.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"6-enforcing-least-privilege\">6) Enforcing least privilege<\/h3>\n\n\n<p>The principle of least privilege is a security concept that restricts users to the minimum access they need to perform their tasks. This includes limiting the number of accounts a user has and the permissions those accounts hold.<\/p>\n\n\n\n<p>Least restriction of functionality (LRF) is the practice and concept of restricting user rights, accounts and computing processes to only the resources needed for essential, permitted tasks. 
This helps keep user rights or permission levels at the minimum people need to do their jobs effectively.<\/p>\n\n\n\n<p>Least privilege is a security principle that requires applications, systems and devices to have only the permissions needed to perform a specific task. This limits the impact if someone exploits a vulnerability to do damage. It contrasts with granting users more privileges than they need, which increases the risk of serious damage from an SQL attack.<\/p>\n\n\n<h2 class=\"wp-block-heading\" id=\"sql-injection-frequently-asked-questions\"><strong>SQL Injection \u2013 Frequently asked questions<\/strong><\/h2>\n\n\n<div class=\"schema-faq wp-block-yoast-faq-block\">\n<div id=\"faq-question-1659826159348\" class=\"schema-faq-section\"><strong class=\"schema-faq-question\">What is the most common SQL injection?<\/strong>\n<p class=\"schema-faq-answer\">In-band SQL injection is the most common type of SQL injection attack. 
It occurs when the attacker can use the same communication channel to deliver the payload and collect the results.<\/p>\n<\/div>\n<div id=\"faq-question-1659826187832\" class=\"schema-faq-section\"><strong class=\"schema-faq-question\">What is the best defense against SQL injection?<\/strong>\n<p class=\"schema-faq-answer\">The best defense against SQL injection is to use parametrized queries. This type of query uses placeholder values for its parameters, which are supplied later. This lets the database distinguish between code and data.<\/p>\n<\/div>\n<div id=\"faq-question-1659826216670\" class=\"schema-faq-section\"><strong class=\"schema-faq-question\">How is SQL injection detected?<\/strong>\n<p class=\"schema-faq-answer\">SQL injection can be detected in several ways. One way is to use a web application firewall (WAF). A WAF is hardware or software that sits between the web application and the internet. 
It can inspect traffic for malicious activity and block SQL injection attacks.<\/p>\n<\/div>\n<div id=\"faq-question-1659826245103\" class=\"schema-faq-section\"><strong class=\"schema-faq-question\">What is second-order SQL injection?<\/strong>\n<p class=\"schema-faq-answer\">Second-order SQL injection occurs when an attacker injects a payload that is stored by the web application and can be executed later. This type of attack is harder to achieve because it requires a way to trigger execution of the stored payload.<\/p>\n<\/div>\n<div id=\"faq-question-1659826275267\" class=\"schema-faq-section\"><strong class=\"schema-faq-question\">What is blind SQL injection?<\/strong>\n<p class=\"schema-faq-answer\">Blind SQL injection is an attack that the attacker carries out without directly seeing the results of their payload. Instead, they must infer information from the database using true or false statements. 
This type of attack can be harder to execute, but it can be just as dangerous as other types of SQL injection.<\/p>\n<\/div>\n<div id=\"faq-question-1659826301781\" class=\"schema-faq-section\"><strong class=\"schema-faq-question\">What are stacked queries?<\/strong>\n<p class=\"schema-faq-answer\">Stacked queries are a type of SQL injection in which the attacker uses multiple queries to extract information from the database. This type of attack is harder to execute, but it can be very dangerous if it succeeds.<\/p>\n<\/div>\n<div id=\"faq-question-1659826330814\" class=\"schema-faq-section\"><strong class=\"schema-faq-question\">What is error-based SQL injection?<\/strong>\n<p class=\"schema-faq-answer\">Error-based SQL injection is an attack in which the attacker uses database errors to infer information from the database. 
This attack can be harder to execute, but it can be very dangerous if it succeeds.<\/p>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>What is SQL injection SQL injection (SQLi) is a type of attack that lets a criminal execute malicious SQL statements against a vulnerable web application. Attackers can access sensitive data such as the following. <a class=\"more-link\" href=\"https:\/\/securitybriefing.net\/ko\/%eb%b3%b4%ec%95%88\/sql-%ec%9d%b8%ec%a0%9d%ec%85%98-101-sqli-%eb%9e%80-%eb%ac%b4%ec%97%87%ec%9d%b4%eb%a9%b0-%ea%b3%b5%ea%b2%a9%ec%9d%84-%eb%b0%a9%ec%a7%80%ed%95%98%eb%8a%94-%eb%b0%a9%eb%b2%95\/\"><span class=\"screen-reader-text\">SQL Injection 101: What is SQLi and How to Prevent Attacks<\/span> <strong>Continue reading<\/strong><\/a><\/p>","protected":false},"author":1,"featured_media":644,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[],"class_list":["post-505","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","entry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>What is SQLi and How to Prevent Attacks | securitybriefing<\/title>\n<meta name=\"description\" content=\"Learn the basics of SQL injection. 
what is SQL injection, how does it work, and what ways to protect your site from attacks.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/securitybriefing.net\/ko\/\ubcf4\uc548\/sql-\uc778\uc81d\uc158-101-sqli-\ub780-\ubb34\uc5c7\uc774\uba70-\uacf5\uaca9\uc744-\ubc29\uc9c0\ud558\ub294-\ubc29\ubc95\/\" \/>\n<meta property=\"og:locale\" content=\"ko_KR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What is SQLi and How to Prevent Attacks | securitybriefing\" \/>\n<meta property=\"og:description\" content=\"Learn the basics of SQL injection. what is SQL injection, how does it work, and what ways to protect your site from attacks.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/securitybriefing.net\/ko\/\ubcf4\uc548\/sql-\uc778\uc81d\uc158-101-sqli-\ub780-\ubb34\uc5c7\uc774\uba70-\uacf5\uaca9\uc744-\ubc29\uc9c0\ud558\ub294-\ubc29\ubc95\/\" \/>\n<meta property=\"og:site_name\" content=\"Security Briefing\" \/>\n<meta property=\"article:published_time\" content=\"2022-08-06T22:53:54+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/sql-injection.png\" \/>\n\t<meta property=\"og:image:width\" content=\"558\" \/>\n\t<meta property=\"og:image:height\" content=\"500\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\uae00\uc4f4\uc774\" \/>\n\t<meta name=\"twitter:data1\" content=\"security\" \/>\n\t<meta name=\"twitter:label2\" content=\"\uc608\uc0c1 \ub418\ub294 \ud310\ub3c5 \uc2dc\uac04\" \/>\n\t<meta name=\"twitter:data2\" content=\"11\ubd84\" \/>\n<script type=\"application\/ld+json\" 
class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/\"},\"author\":{\"name\":\"security\",\"@id\":\"https:\/\/securitybriefing.net\/#\/schema\/person\/e99d7bfcfc8ecee5ed34ef3f0416ee81\"},\"headline\":\"SQL Injection 101: What is SQLi and How to Prevent Attacks\",\"datePublished\":\"2022-08-06T22:53:54+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/\"},\"wordCount\":2130,\"publisher\":{\"@id\":\"https:\/\/securitybriefing.net\/#organization\"},\"image\":{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/sql-injection.png\",\"articleSection\":[\"Security\"],\"inLanguage\":\"ko-KR\"},{\"@type\":[\"WebPage\",\"FAQPage\"],\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/\",\"url\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/\",\"name\":\"What is SQLi and How to Prevent Attacks | 
securitybriefing\",\"isPartOf\":{\"@id\":\"https:\/\/securitybriefing.net\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/sql-injection.png\",\"datePublished\":\"2022-08-06T22:53:54+00:00\",\"description\":\"Learn the basics of SQL injection. what is SQL injection, how does it work, and what ways to protect your site from attacks.\",\"breadcrumb\":{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#breadcrumb\"},\"mainEntity\":[{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826159348\"},{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826187832\"},{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826216670\"},{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826245103\"},{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826275267\"},{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826301781\"},{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826330814\"}],\"inLanguage\":\"ko-KR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-
to-prevent-attacks\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"ko-KR\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#primaryimage\",\"url\":\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/sql-injection.png\",\"contentUrl\":\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/sql-injection.png\",\"width\":558,\"height\":500,\"caption\":\"sql injection\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/securitybriefing.net\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SQL Injection 101: What is SQLi and How to Prevent Attacks\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/securitybriefing.net\/#website\",\"url\":\"https:\/\/securitybriefing.net\/\",\"name\":\"Security Briefing\",\"description\":\"Read cybersecurity news, online safety guides, cyber threat updates, and use free security tools from Security Briefing.\",\"publisher\":{\"@id\":\"https:\/\/securitybriefing.net\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/securitybriefing.net\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"ko-KR\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/securitybriefing.net\/#organization\",\"name\":\"Security 
Briefing\",\"url\":\"https:\/\/securitybriefing.net\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"ko-KR\",\"@id\":\"https:\/\/securitybriefing.net\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2023\/06\/security-briefing-logo-5.png\",\"contentUrl\":\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2023\/06\/security-briefing-logo-5.png\",\"width\":256,\"height\":70,\"caption\":\"Security Briefing\"},\"image\":{\"@id\":\"https:\/\/securitybriefing.net\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/securitybriefing.net\/#\/schema\/person\/e99d7bfcfc8ecee5ed34ef3f0416ee81\",\"name\":\"security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"ko-KR\",\"@id\":\"https:\/\/securitybriefing.net\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f882f35c703c897d1ec76c380b39ceed3f7309182d44a3177612bc192f6c9ddb?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f882f35c703c897d1ec76c380b39ceed3f7309182d44a3177612bc192f6c9ddb?s=96&d=mm&r=g\",\"caption\":\"security\"},\"description\":\"admin is a senior staff writer for Government Technology. She previously wrote for PYMNTS and The Bay State Banner, and holds a B.A. in creative writing from Carnegie Mellon. She\u2019s based outside Boston.\",\"sameAs\":[\"http:\/\/securitybriefing.net\"],\"url\":\"https:\/\/securitybriefing.net\/ko\/author\/security\/\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826159348\",\"position\":1,\"url\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826159348\",\"name\":\"What is the most common SQL injection?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"In-band SQL injection is the most common type of SQL injection attack. 
It occurs when an attacker can use the same communication channel to deliver the payload and gather results.\",\"inLanguage\":\"ko-KR\"},\"inLanguage\":\"ko-KR\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826187832\",\"position\":2,\"url\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826187832\",\"name\":\"What is the best defense of SQL injection?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"The best defense against SQL injection is to use parameterized queries. This type of query uses placeholder values for parameters, which are supplied at a later date. This method allows the database to identify between source code and information.\",\"inLanguage\":\"ko-KR\"},\"inLanguage\":\"ko-KR\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826216670\",\"position\":3,\"url\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826216670\",\"name\":\"How is SQL injection detected?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"SQL injection can be detected in several ways. One method is to use a web application firewall (WAF). A WAF is a piece of hardware or software that sits between a web application and the internet. 
It inspects traffic for malicious activity and can block SQL injection attacks.\",\"inLanguage\":\"ko-KR\"},\"inLanguage\":\"ko-KR\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826245103\",\"position\":4,\"url\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826245103\",\"name\":\"What is second-order SQL injection?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Second-order SQL injection occurs when an attacker can inject a payload that is stored by the web application and then later executed. This type of attack is more difficult to achieve because the attacker must have a way to trigger the execution of the stored payload.\",\"inLanguage\":\"ko-KR\"},\"inLanguage\":\"ko-KR\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826275267\",\"position\":5,\"url\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826275267\",\"name\":\"What is blind SQL injection?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Blind SQL injection is an attack where the attacker does not directly see the results of their payload. Instead, they must use true or false statements to infer information from the database. 
This type of attack is more challenging to execute but can be just as dangerous as other types of SQL injection.\",\"inLanguage\":\"ko-KR\"},\"inLanguage\":\"ko-KR\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826301781\",\"position\":6,\"url\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826301781\",\"name\":\"What is a stacked query?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"A stacked query is a type of SQL injection where the attacker uses multiple queries to extract information from the database. This type of attack is more challenging to execute but can be very dangerous if successful.\",\"inLanguage\":\"ko-KR\"},\"inLanguage\":\"ko-KR\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826330814\",\"position\":7,\"url\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826330814\",\"name\":\"What is an error-based SQL injection?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Error-based SQL injection is an attack where the attacker uses database errors to infer information from the database. This attack is more challenging to execute but can be very dangerous if successful.\",\"inLanguage\":\"ko-KR\"},\"inLanguage\":\"ko-KR\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"SQLi\ub780 \ubb34\uc5c7\uc774\uba70 \uacf5\uaca9\uc744 \ubc29\uc9c0\ud558\ub294 \ubc29\ubc95 | securitybriefing","description":"SQL \uc778\uc81d\uc158\uc758 \uae30\ucd08\ub97c \ubc30\uc6b0\uc138\uc694. 
SQL \uc778\uc81d\uc158\uc774\ub780 \ubb34\uc5c7\uc774\uba70, \uc5b4\ub5bb\uac8c \uc791\ub3d9\ud558\uace0, \uacf5\uaca9\uc73c\ub85c\ubd80\ud130 \uc0ac\uc774\ud2b8\ub97c \ubcf4\ud638\ud558\ub294 \ubc29\ubc95\uc740 \ubb34\uc5c7\uc778\uac00\uc694?.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/securitybriefing.net\/ko\/\ubcf4\uc548\/sql-\uc778\uc81d\uc158-101-sqli-\ub780-\ubb34\uc5c7\uc774\uba70-\uacf5\uaca9\uc744-\ubc29\uc9c0\ud558\ub294-\ubc29\ubc95\/","og_locale":"ko_KR","og_type":"article","og_title":"What is SQLi and How to Prevent Attacks | securitybriefing","og_description":"Learn the basics of SQL injection. what is SQL injection, how does it work, and what ways to protect your site from attacks.","og_url":"https:\/\/securitybriefing.net\/ko\/\ubcf4\uc548\/sql-\uc778\uc81d\uc158-101-sqli-\ub780-\ubb34\uc5c7\uc774\uba70-\uacf5\uaca9\uc744-\ubc29\uc9c0\ud558\ub294-\ubc29\ubc95\/","og_site_name":"Security Briefing","article_published_time":"2022-08-06T22:53:54+00:00","og_image":[{"width":558,"height":500,"url":"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/sql-injection.png","type":"image\/png"}],"author":"security","twitter_card":"summary_large_image","twitter_misc":{"\uae00\uc4f4\uc774":"security","\uc608\uc0c1 \ub418\ub294 \ud310\ub3c5 \uc2dc\uac04":"11\ubd84"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#article","isPartOf":{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/"},"author":{"name":"security","@id":"https:\/\/securitybriefing.net\/#\/schema\/person\/e99d7bfcfc8ecee5ed34ef3f0416ee81"},"headline":"SQL Injection 101: What is SQLi and How to Prevent 
Attacks","datePublished":"2022-08-06T22:53:54+00:00","mainEntityOfPage":{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/"},"wordCount":2130,"publisher":{"@id":"https:\/\/securitybriefing.net\/#organization"},"image":{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#primaryimage"},"thumbnailUrl":"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/sql-injection.png","articleSection":["Security"],"inLanguage":"ko-KR"},{"@type":["WebPage","FAQPage"],"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/","url":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/","name":"SQLi\ub780 \ubb34\uc5c7\uc774\uba70 \uacf5\uaca9\uc744 \ubc29\uc9c0\ud558\ub294 \ubc29\ubc95 | securitybriefing","isPartOf":{"@id":"https:\/\/securitybriefing.net\/#website"},"primaryImageOfPage":{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#primaryimage"},"image":{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#primaryimage"},"thumbnailUrl":"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/sql-injection.png","datePublished":"2022-08-06T22:53:54+00:00","description":"SQL \uc778\uc81d\uc158\uc758 \uae30\ucd08\ub97c \ubc30\uc6b0\uc138\uc694. 
SQL \uc778\uc81d\uc158\uc774\ub780 \ubb34\uc5c7\uc774\uba70, \uc5b4\ub5bb\uac8c \uc791\ub3d9\ud558\uace0, \uacf5\uaca9\uc73c\ub85c\ubd80\ud130 \uc0ac\uc774\ud2b8\ub97c \ubcf4\ud638\ud558\ub294 \ubc29\ubc95\uc740 \ubb34\uc5c7\uc778\uac00\uc694?.","breadcrumb":{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#breadcrumb"},"mainEntity":[{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826159348"},{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826187832"},{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826216670"},{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826245103"},{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826275267"},{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826301781"},{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826330814"}],"inLanguage":"ko-KR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/"]}]},{"@type":"ImageObject","inLanguage":"ko-KR","@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#primaryimage","url":"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/sql-injection.png","contentUrl":"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/sql-injection.png","width":558,"height":500,"caption":"sql 
injection"},{"@type":"BreadcrumbList","@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/securitybriefing.net\/"},{"@type":"ListItem","position":2,"name":"SQL Injection 101: What is SQLi and How to Prevent Attacks"}]},{"@type":"WebSite","@id":"https:\/\/securitybriefing.net\/#website","url":"https:\/\/securitybriefing.net\/","name":"\ubcf4\uc548 \ube0c\ub9ac\ud551","description":"Read cybersecurity news, online safety guides, cyber threat updates, and use free security tools from Security Briefing.","publisher":{"@id":"https:\/\/securitybriefing.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/securitybriefing.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ko-KR"},{"@type":"Organization","@id":"https:\/\/securitybriefing.net\/#organization","name":"\ubcf4\uc548 \ube0c\ub9ac\ud551","url":"https:\/\/securitybriefing.net\/","logo":{"@type":"ImageObject","inLanguage":"ko-KR","@id":"https:\/\/securitybriefing.net\/#\/schema\/logo\/image\/","url":"https:\/\/securitybriefing.net\/wp-content\/uploads\/2023\/06\/security-briefing-logo-5.png","contentUrl":"https:\/\/securitybriefing.net\/wp-content\/uploads\/2023\/06\/security-briefing-logo-5.png","width":256,"height":70,"caption":"Security 
Briefing"},"image":{"@id":"https:\/\/securitybriefing.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/securitybriefing.net\/#\/schema\/person\/e99d7bfcfc8ecee5ed34ef3f0416ee81","name":"\ubcf4\uc548","image":{"@type":"ImageObject","inLanguage":"ko-KR","@id":"https:\/\/securitybriefing.net\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/f882f35c703c897d1ec76c380b39ceed3f7309182d44a3177612bc192f6c9ddb?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f882f35c703c897d1ec76c380b39ceed3f7309182d44a3177612bc192f6c9ddb?s=96&d=mm&r=g","caption":"security"},"description":"admin\uc740 \uc815\ubd80 \uae30\uc220\uc758 \uc120\uc784 \uc2a4\ud0dc\ud504 \uc791\uac00\uc785\ub2c8\ub2e4. \uc774\uc804\uc5d0\ub294 PYMNTS\uc640 \ubca0\uc774 \uc2a4\ud14c\uc774\ud2b8 \ubc30\ub108\uc5d0 \uae00\uc744 \uc37c\uc73c\uba70 \uce74\ub124\uae30 \uba5c\ub860\uc5d0\uc11c \ubb38\uc608\ucc3d\uc791 \ud559\uc0ac \ud559\uc704\ub97c \ubc1b\uc558\uc2b5\ub2c8\ub2e4. \ud604\uc7ac \ubcf4\uc2a4\ud134 \uc678\uacfd\uc5d0 \uac70\uc8fc\ud558\uace0 \uc788\uc2b5\ub2c8\ub2e4.","sameAs":["http:\/\/securitybriefing.net"],"url":"https:\/\/securitybriefing.net\/ko\/author\/security\/"},{"@type":"Question","@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826159348","position":1,"url":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826159348","name":"\uac00\uc7a5 \uc77c\ubc18\uc801\uc778 SQL \uc0bd\uc785\uc740 \ubb34\uc5c7\uc778\uac00\uc694?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"In-band SQL injection is the most common type of SQL injection attack. 
It occurs when an attacker can use the same communication channel to deliver the payload and gather results.","inLanguage":"ko-KR"},"inLanguage":"ko-KR"},{"@type":"Question","@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826187832","position":2,"url":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826187832","name":"SQL \uc778\uc81d\uc158\uc5d0 \ub300\ud55c \ucd5c\uace0\uc758 \ubc29\uc5b4\ub294 \ubb34\uc5c7\uc785\ub2c8\uae4c?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"The best defense against SQL injection is to use parameterized queries. This type of query uses placeholder values for parameters, which are supplied at a later date. This method allows the database to identify between source code and information.","inLanguage":"ko-KR"},"inLanguage":"ko-KR"},{"@type":"Question","@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826216670","position":3,"url":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826216670","name":"SQL \uc778\uc81d\uc158\uc740 \uc5b4\ub5bb\uac8c \ud0d0\uc9c0\ub429\ub2c8\uae4c?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"SQL injection can be detected in several ways. One method is to use a web application firewall (WAF). A WAF is a piece of hardware or software that sits between a web application and the internet. 
It inspects traffic for malicious activity and can block SQL injection attacks.","inLanguage":"ko-KR"},"inLanguage":"ko-KR"},{"@type":"Question","@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826245103","position":4,"url":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826245103","name":"2\ucc28 SQL \uc778\uc81d\uc158\uc774\ub780 \ubb34\uc5c7\uc778\uac00\uc694?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"Second-order SQL injection occurs when an attacker can inject a payload that is stored by the web application and then later executed. This type of attack is more difficult to achieve because the attacker must have a way to trigger the execution of the stored payload.","inLanguage":"ko-KR"},"inLanguage":"ko-KR"},{"@type":"Question","@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826275267","position":5,"url":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826275267","name":"\ube14\ub77c\uc778\ub4dc SQL \uc778\uc81d\uc158\uc774\ub780 \ubb34\uc5c7\uc778\uac00\uc694?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"Blind SQL injection is an attack where the attacker does not directly see the results of their payload. Instead, they must use true or false statements to infer information from the database. 
This type of attack is more challenging to execute but can be just as dangerous as other types of SQL injection.","inLanguage":"ko-KR"},"inLanguage":"ko-KR"},{"@type":"Question","@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826301781","position":6,"url":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826301781","name":"\uc2a4\ud0dd\ub41c \ucffc\ub9ac\ub780 \ubb34\uc5c7\uc778\uac00\uc694?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"A stacked query is a type of SQL injection where the attacker uses multiple queries to extract information from the database. This type of attack is more challenging to execute but can be very dangerous if successful.","inLanguage":"ko-KR"},"inLanguage":"ko-KR"},{"@type":"Question","@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826330814","position":7,"url":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826330814","name":"\uc624\ub958 \uae30\ubc18 SQL \uc0bd\uc785\uc774\ub780 \ubb34\uc5c7\uc785\ub2c8\uae4c?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"Error-based SQL injection is an attack where the attacker uses database errors to infer information from the database. 
This attack is more challenging to execute but can be very dangerous if successful.","inLanguage":"ko-KR"},"inLanguage":"ko-KR"}]}},"_links":{"self":[{"href":"https:\/\/securitybriefing.net\/ko\/wp-json\/wp\/v2\/posts\/505","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/securitybriefing.net\/ko\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/securitybriefing.net\/ko\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/securitybriefing.net\/ko\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/securitybriefing.net\/ko\/wp-json\/wp\/v2\/comments?post=505"}],"version-history":[{"count":0,"href":"https:\/\/securitybriefing.net\/ko\/wp-json\/wp\/v2\/posts\/505\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/securitybriefing.net\/ko\/wp-json\/wp\/v2\/media\/644"}],"wp:attachment":[{"href":"https:\/\/securitybriefing.net\/ko\/wp-json\/wp\/v2\/media?parent=505"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/securitybriefing.net\/ko\/wp-json\/wp\/v2\/categories?post=505"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/securitybriefing.net\/ko\/wp-json\/wp\/v2\/tags?post=505"}],"curies":[{"name":"\uc6cc\ub4dc\ud504\ub808\uc2a4 (wp)","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}