SQL injection is a problem that everyone often considers in program development. Let me analyze the common SQL injection prevention codes. Friends in need can refer to it.
1. Basic principles of PHP submission data filtering
1) When submitting variables into the database, we must use addslashes() for filtering. For example, our injection problem can be solved with just one addslashes(). In fact, when it comes to variable values, the intval() function is also a good choice for filtering strings.
2) Enable magic_quotes_gpc and magic_quotes_runtime in php.ini. magic_quotes_gpc can change the quotation marks in get, post, and cookie into slashes. magic_quotes_runtime can play a formatting role in data entering and exiting the database. In fact, this parameter has been very popular since the old days when injection was crazy.
The code is as follows
Copy code
代码如下
复制代码
if ( isset($_POST["f_login"] ) )
{
// 连接数据库...
// ...代码略...
// 检查用户是否存在
$t_strUname = $_POST["f_uname"];
$t_strPwd = $_POST["f_pwd"];
$t_strSQL = "SELECT * FROM tbl_users WHERE username='$t_strUname' AND password = '$t_strPwd' LIMIT 0,1";
$t_strSQL = "SELECT * FROM tbl_users WHERE username='$t_strUname' AND password = '$t_strPwd' LIMIT 0,1";
if ( $t_hRes = mysql_query($t_strSQL) )
{
// Processing after successful query. Omitted...
}
}
?>
sample test
3) When using system functions, you must use escapeshellarg() and escapeshellcmd() parameters to filter, so that you can use system functions with confidence.
4) For cross-site, both parameters of strip_tags() and htmlspecialchars() are good. All tags with html and php submitted by users will be converted. For example, angle brackets "<" will be converted into harmless characters such as "<". <🎜>
The code is as follows
Copy code
$new = htmlspecialchars("Test", ENT_QUOTES);
strip_tags($text,);
5) Regarding the filtering of related functions, just like the previous include(), unlink, fopen(), etc., as long as you specify the variables you want to perform the operation or strictly filter the related characters, I think this will be enough. Impeccable.
2. Simple data filtering with PHP
1) Storage: trim($str),addslashes($str)
2) Deposit: stripslashes($str)
3) Display: htmlspecialchars(nl2br($str))
1. Types of injection attacks
There may be many different types of attack motivations, but at first glance, it appears that there are many more. This is very true - if a malicious user finds a way to perform multiple queries. We will discuss this in detail later in this article.
Such as
If your script is executing a SELECT instruction, an attacker can force the display of every row in a table by injecting a condition such as "1=1" into the WHERE clause, as shown below (where, Injected parts are shown in bold):
The code is as follows
Copy code
SELECT * FROM wines WHERE variety = 'lagrein' OR 1=1;'
As we discussed earlier, this can be useful information in itself, as it reveals the general structure of the table (something a plain record wouldn't), as well as potentially showing the data containing confidential information. Record.
An updated directive potentially poses a more immediate threat. By placing other attributes in the SET clause, an attacker can modify any field in the currently updated record, such as the following example (in which the injected part is shown in bold):
The code is as follows
Copy code
代码如下
复制代码
UPDATE wines SET type='red','vintage'='9999' WHERE variety = 'lagrein'
UPDATE wines SET type='red', 'vintage'='9999' WHERE variety = 'lagrein'
By adding a constant true condition such as 1=1 to the WHERE clause of an update instruction, the scope of this modification can be extended to each record, such as the following example (where the injection part is shown in bold ):
代码如下
复制代码
UPDATE wines SET type='red','vintage'='9999 WHERE variety = 'lagrein' OR 1=1;'
The code is as follows
Copy code
UPDATE wines SET type='red', 'vintage'='9999 WHERE variety = 'lagrein' OR 1=1;'
Probably the most dangerous instruction is DELETE - it's not hard to imagine. The injection technique is the same as we've already seen - extending the scope of affected records by modifying the WHERE clause, as in the example below (where the injection part is in bold):
代码如下
复制代码
DELETE FROM wines WHERE variety = 'lagrein' OR 1=1;'
2. Multiple query injection
Multiple query injections will exacerbate the potential damage an attacker can cause - by allowing multiple destructive instructions to be included in a single query. When using the MySQL database, an attacker can easily achieve this by inserting an unexpected terminator into the query - an injected quote (single or double) marks the end of the expected variable; Then terminate the directive with a semicolon. Now, an additional attack command may be added to the end of the now terminated original command. The final destructive query might look like this:
代码如下
复制代码
SELECT * FROM wines WHERE variety = 'lagrein';
GRANT ALL ON *.* TO 'BadGuy@%' IDENTIFIED BY 'gotcha';'
The code is as follows:
The code is as follows
Copy code
SELECT * FROM wines WHERE variety = 'lagrein';
GRANT ALL ON *.* TO 'BadGuy@%' IDENTIFIED BY 'gotcha';'
This injection will create a new user BadGuy and give it network privileges (all privileges on all tables); there is also an "ominous" password added to this simple SELECT statement. If you followed our advice in the previous article and strictly limited the privileges of the process user, then this should not work because the web server daemon no longer has the GRANT privileges that you revoked. But in theory, such an attack could give BadGuy free rein to do whatever he wants with your database.
return $str;
}
To summarize:
* addslashes() is a forced addition;
* mysql_real_escape_string() will determine the character set, but there are requirements for the PHP version;
* mysql_escape_string does not take into account the current character set of the connection.
To prevent sql injection in dz, you use the addslashes function. At the same time, there are some replacements in the dthmlspecialchars function $string = preg_replace(/&((#(d{3,5}|x[a-fA-F0 -9]{4}));)/, &1, This replacement solves the injection problem and also solves some problems with Chinese garbled characters
http://www.bkjia.com/PHPjc/629645.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/629645.htmlTechArticleSQL injection is a problem that everyone often considers in program development. Let me analyze the common ones below. SQL injection prevention code, friends in need can refer to it. 1. PHP submits data...
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
PHP and Python each have their own advantages, and choose according to project requirements. 1.PHP is suitable for web development, especially for rapid development and maintenance of websites. 2. Python is suitable for data science, machine learning and artificial intelligence, with concise syntax and suitable for beginners.
PHP is widely used in e-commerce, content management systems and API development. 1) E-commerce: used for shopping cart function and payment processing. 2) Content management system: used for dynamic content generation and user management. 3) API development: used for RESTful API development and API security. Through performance optimization and best practices, the efficiency and maintainability of PHP applications are improved.
PHP is a scripting language widely used on the server side, especially suitable for web development. 1.PHP can embed HTML, process HTTP requests and responses, and supports a variety of databases. 2.PHP is used to generate dynamic web content, process form data, access databases, etc., with strong community support and open source resources. 3. PHP is an interpreted language, and the execution process includes lexical analysis, grammatical analysis, compilation and execution. 4.PHP can be combined with MySQL for advanced applications such as user registration systems. 5. When debugging PHP, you can use functions such as error_reporting() and var_dump(). 6. Optimize PHP code to use caching mechanisms, optimize database queries and use built-in functions. 7
PHP is still dynamic and still occupies an important position in the field of modern programming. 1) PHP's simplicity and powerful community support make it widely used in web development; 2) Its flexibility and stability make it outstanding in handling web forms, database operations and file processing; 3) PHP is constantly evolving and optimizing, suitable for beginners and experienced developers.
PHP and Python each have their own advantages, and the choice should be based on project requirements. 1.PHP is suitable for web development, with simple syntax and high execution efficiency. 2. Python is suitable for data science and machine learning, with concise syntax and rich libraries.
PHP and Python have their own advantages and disadvantages, and the choice depends on project needs and personal preferences. 1.PHP is suitable for rapid development and maintenance of large-scale web applications. 2. Python dominates the field of data science and machine learning.
PHP is suitable for web development, especially in rapid development and processing dynamic content, but is not good at data science and enterprise-level applications. Compared with Python, PHP has more advantages in web development, but is not as good as Python in the field of data science; compared with Java, PHP performs worse in enterprise-level applications, but is more flexible in web development; compared with JavaScript, PHP is more concise in back-end development, but is not as good as JavaScript in front-end development.
PHP is mainly procedural programming, but also supports object-oriented programming (OOP); Python supports a variety of paradigms, including OOP, functional and procedural programming. PHP is suitable for web development, and Python is suitable for a variety of applications such as data analysis and machine learning.
Backend Development
