SQL注入 (Chinese Wikipedia)

Microsoft. SQL Injection. [2013-08-04]. （原始内容存档于2013-08-02）. SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities because SQLi Server will execute all syntactically valid queries that it receives. Even parameterized data can be manipulated by a skilled and determined attacker.

naer.edu.tw (Global: 4,367^th place; Chinese: 148^th place)

Jeff Forristal (signing as rain.forest.puppy). NT Web Technology Vulnerabilities. Phrack Magazine（英语：Phrack Magazine）. Dec 25, 1998, 8 (54 (article 8)) [2020-05-29]. （原始内容存档于2014-03-19）.

Microsoft. SQL Injection. [2013-08-04]. （原始内容存档于2013-08-02）. SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities because SQLi Server will execute all syntactically valid queries that it receives. Even parameterized data can be manipulated by a skilled and determined attacker.
Sean Michael Kerner. How Was SQL Injection Discovered? The researcher once known as Rain Forrest Puppy explains how he discovered the first SQL injection more than 15 years ago.. November 25, 2013 [2020-05-29]. （原始内容存档于2014-03-18）.
Jeff Forristal (signing as rain.forest.puppy). NT Web Technology Vulnerabilities. Phrack Magazine（英语：Phrack Magazine）. Dec 25, 1998, 8 (54 (article 8)) [2020-05-29]. （原始内容存档于2014-03-19）.

Jeff Forristal (signing as rain.forest.puppy). NT Web Technology Vulnerabilities. Phrack Magazine（英语：Phrack Magazine）. Dec 25, 1998, 8 (54 (article 8)) [2020-05-29]. （原始内容存档于2014-03-19）.