安全
SQL注入
问题
-- Login query as the application builds it by string concatenation;
-- '**' stands for the user-supplied username / password values.
select * from user where username='**' and password='**'
-- username=**' --
-- The quote in the input closes the string literal early and the trailing "--"
-- turns the rest of the line into a SQL comment, so the password condition is
-- no longer part of the statement that the server evaluates.
select * from user where username='**' --' and password='**';
-- username=**';delete from user; --
-- Here the input ends the first statement and appends a second one. Whether the
-- second statement runs depends on the driver accepting several statements per
-- query (the Node `mysql` driver keeps `multipleStatements` off by default).
-- Root cause in both cases: input is concatenated into the SQL text instead of
-- being passed as a bound/escaped value.
select * from user where username='**';delete from user; --' and password='**';
解决注入问题：用 mysql.escape 转义用户输入（更稳妥的做法是使用 ? 占位符的参数化查询）
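const mysql = require('mysql');

// `username` is the raw, untrusted value from the request (declared by the
// surrounding code, which is not shown here). The escaped value gets its own
// binding: `const username = mysql.escape(username)` reads `username` inside
// its own declaration and throws a ReferenceError before anything is escaped.
//
// mysql.escape() returns a string value already wrapped in quotes, so the SQL
// template must not add quotes of its own:
//   `select * from user where username=${escapedUsername}`
// Where possible, prefer placeholders and let the driver do the escaping:
//   connection.query('select * from user where username=? and password=?',
//                    [username, password], callback);
const escapedUsername = mysql.escape(username);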
结果
XSS 攻击
问题
解决方式
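const xss = require('xss');

// `title` is the raw, untrusted value from the request (declared by the
// surrounding code, which is not shown here). The filtered value gets its own
// binding: `const title = xss(title)` reads `title` inside its own declaration
// and throws a ReferenceError before any filtering happens.
//
// xss() filters HTML in the string against the library's whitelist, which suits
// values rendered as HTML content. Values placed into attributes, URLs or
// script blocks still need encoding appropriate to that context.
const safeTitle = xss(title);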