SQLインジェクション対策について
教育的な観点ではなく実務的な観点から、僕の考えをまとめてみる。UTF-8 を利用し、SET NAMES を利用していなくて mysql で、クライアントプリペアドステートメントなケースを想定している。
$foo=$_POST[‘id’];
query(“SELECT * FROM foo WHERE id=$foo”);
のように外部からの文字列をそのまま使用してクエリを組みたてたときに、意図せぬ SQL を発行されてしまう脆弱性のことである。
tokuhirom
/ openapi.yml
Created
March 20, 2023 03:30
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| openapi: 3.0.3 | |
| info: | |
| title: Example | |
| version: 1.0.0 | |
| servers: | |
| - url: 'https://example.com/' | |
| paths: | |
| /callback: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import java.io.Closeable; | |
| import java.io.IOException; | |
| import java.net.InetSocketAddress; | |
| import java.net.URI; | |
| import java.nio.ByteBuffer; | |
| import java.nio.channels.*; | |
| import java.nio.charset.StandardCharsets; | |
| import java.util.*; | |
| import java.util.logging.Logger; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env perl | |
| use strict; | |
| &main; exit; | |
| sub main { | |
| my %white = map { $_ => 1 } qw/ | |
| kt java pl js rb py | |
| /; |
tokuhirom
/ gist:0fec6aed02930301a6280ccc5e7a864c
Created
March 8, 2019 06:01
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| self.addEventListener('message', function(e){ | |
| setInterval(function(){ | |
| self.postMessage('tick'); | |
| }, 1000); | |
| }, false); |
tokuhirom
/ DateTimeFormatterSample.java
Last active
November 29, 2018 05:54
Java 8 Date And Time API - Sample code.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import java.time.LocalDateTime; | |
| import java.time.ZoneId; | |
| import java.time.ZonedDateTime; | |
| import java.time.format.DateTimeFormatter; | |
| import java.util.Locale; | |
| public class DateTimeFormatterSample { | |
| public static void main(String[] args) { | |
| String[][] patterns = new String[][]{ | |
| new String[]{"G", "appendText(ChronoField.ERA,"}, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| " ************************************************************************* | |
| " tokuhirom's .vimrc file. | |
| " | |
| " curl -fLo ~/.vim/autoload/plug.vim --create-dirs https://raw.githubusercontent.com/junegunn/vim-plug/master/plug.vim | |
| " | |
| " | |
| " :e ++enc=cp932 | |
| " | |
| " ************************************************************************* |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package com.example; | |
| import org.junit.Test; | |
| import org.junit.runner.RunWith; | |
| import org.mockito.InjectMocks; | |
| import org.mockito.runners.MockitoJUnitRunner; | |
| import java.util.HashMap; | |
| import java.util.Map; |
tokuhirom
/ update_curl.sh
Created
January 31, 2017 06:26
— forked from fideloper/update_curl.sh
Update curl on Ubuntu 14.04
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /usr/bin/env bash | |
| # Install any build dependencies needed for curl | |
| sudo apt-get build-dep curl | |
| # Get latest (as of Feb 25, 2016) libcurl | |
| mkdir ~/curl | |
| cd ~/curl | |
| wget http://curl.haxx.se/download/curl-7.50.2.tar.bz2 | |
| tar -xvjf curl-7.50.2.tar.bz2 |
Calling a XS function many times makes overhead. I recommend to run a for-loop in XS. It makes 155% faster than original implementation. (I want to generate a lot of β dsitribution random numbers)
NewerOlder