<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Sql on Commentary of Takao</title><link>https://takao.blog/zh-tw/tags/sql/</link><description>Recent content in Sql on Commentary of Takao</description><generator>Hugo -- gohugo.io</generator><language>zh-TW</language><copyright>Commentary of Takao</copyright><lastBuildDate>Wed, 15 Jul 2026 22:01:08 +0900</lastBuildDate><atom:link href="https://takao.blog/zh-tw/tags/sql/index.xml" rel="self" type="application/rss+xml"/><item><title>資料庫索引簡介：解決查詢延遲</title><link>https://takao.blog/zh-tw/web/backend-database-indexing-basics/</link><pubDate>Sun, 25 May 2025 00:00:00 +0900</pubDate><guid>https://takao.blog/zh-tw/web/backend-database-indexing-basics/</guid><description>&lt;img src="https://takao.blog/img/thumbnail/backend-database-indexing-basics-zh-tw.png" alt="Featured image of post 資料庫索引簡介：解決查詢延遲" /&gt;&lt;h2 id="介紹"&gt;介紹
&lt;/h2&gt;&lt;p&gt;隨著 Web 應用程式的擴展和資料量的成長，後端系統經常面臨查詢延遲等資料庫瓶頸問題。&lt;/p&gt;
&lt;p&gt;在沒有適當索引優化的情況下，在具有數十萬筆記錄的表上執行聯接 (&lt;code&gt;JOIN&lt;/code&gt;) 操作或複雜的搜尋查詢可能會導致資料庫 CPU 峰值，從而導致最終用戶的回應時間變慢。&lt;/p&gt;</description></item><item><title>SQL Injection 預防: Modern Database Security 指南</title><link>https://takao.blog/zh-tw/web/sql-injection-prevention/</link><pubDate>Tue, 01 Oct 2024 00:00:00 +0900</pubDate><guid>https://takao.blog/zh-tw/web/sql-injection-prevention/</guid><description>&lt;img src="https://takao.blog/img/thumbnail/sql-injection-prevention-zh-tw.png" alt="Featured image of post SQL Injection 預防: Modern Database Security 指南" /&gt;&lt;p&gt;SQL injection remains in the OWASP Top 10 despite decades of awareness. The 2023-2024 period saw high-profile breaches in healthcare, e-commerce, and government sectors involving SQLi. While the classic &lt;code&gt;' OR 1=1 --&lt;/code&gt; attack is well-known, modern variants include second-order injection, blind SQLi (time-based and boolean-based), and out-of-band exfiltration. Prevention is well-understood but poorly executed due to legacy code, ORM misuse, and insufficient testing automation.&lt;/p&gt;
&lt;h2 id="parameterized-queries-and-prepared-statements"&gt;Parameterized Queries and Prepared Statements
&lt;/h2&gt;&lt;p&gt;Prepared statements are the gold standard for SQL injection prevention. They separate SQL logic from data at the database engine level, making it impossible for user input to alter query structure.&lt;/p&gt;</description></item></channel></rss>