EXEC SQL
語句來執行參數化查詢。DATA lv_name TYPE string.
lv_name = 'John';
EXEC SQL.
SELECT * FROM employees WHERE name = :lv_name;
END EXEC.
DATA lv_name TYPE string.
lv_name = 'John';
lv_name = REPLACE( val = lv_name src = '''' with = '' ); " 過濾單引號
DATA: lv_name TYPE string,
lv_salary TYPE p DECIMALS 2.
lv_name = 'John';
lv_salary = 5000.
START TRANSACTION.
EXEC SQL.
UPDATE employees SET salary = :lv_salary WHERE name = :lv_name;
END EXEC.
COMMIT WORK.
限制數據庫用戶權限:為數據庫用戶分配最小必需的權限,避免給予過多權限導致惡意用戶進行SQL注入攻擊。
定期更新數據庫系統和應用程序:及時更新數據庫系統和應用程序的補丁,以修復已知的安全漏洞,降低遭受SQL注入攻擊的風險。