Community Learn Tools Library Leisure
search
English
Home > Database > Mysql Tutorial > body text

PHP Mysql 注入的实现和防范示例

WBOY
Release: 2016-06-07 16:13:35
Original
913 people have browsed it

以下的文章主要介绍的是PHP Mysql 注入的实现和防范,以我个人看来,引发SQL注入攻击的最主要原因,是以下2个原因:即。1). php 配置文件 php.ini 中的 magic_quotes_gpc 选项没有打开,被置为 off。 2). 开发者没有对数据类型进行检查和转义 不过事实上,

以下的文章主要介绍的是PHP Mysql 注入的实现和防范,以我个人看来,引发SQL注入攻击的最主要原因,是以下2个原因:即。1). php 配置文件 php.ini 中的 magic_quotes_gpc 选项没有打开,被置为 off。

2). 开发者没有对数据类型进行检查和转义

不过事实上,第二点最为重要。我认为, 对用户输入的数据类型进行检查,向 MYSQL 提交正确的数据类型,这应该是一个 web 程序员最最基本的素质。但现实中,常常有许多小白式的 Web 开发者忘了这点, 从而导致后门大开。

为什么说PHP Mysql 注入的实现与防范第二点最为重要?因为如果没有第二点的保证,magic_quotes_gpc 选项,不论为 on,还是为 off,都有可能引发 SQL 注入攻击。下面来看一下技术实现:

 magic_quotes_gpc = Off 时的注入攻击

magic_quotes_gpc = Off 是 php 中一种非常不安全的选项。新版本的 php 已经将默认的值改为了 On。但仍有相当多的服务器的选项为 off。毕竟,再古董的服务器也是有人用的。

当magic_quotes_gpc = On 时,它会将提交的变量中所有的 ‘(单引号)、”(双号号)、\(反斜线)、空白字符,都为在前面自动加上 \。下面是 php 的官方说明:

<ol class="dp-xml">
<li class="alt"><span><span>magic_quotes_gpc boolean  </span></span></li>
<li><span>Sets the magic_quotes state for GPC (Get/Post/Cookie) operations. <br>When magic_quotes are on, all ‘ (single-quote), ” (double quote), <br>\ (backslash) and NUL’s are escaped with a backslash automatically  </span></li>
</ol>
Copy after login

如果没有转义,即 off 情况下,就会让攻击者有机可乘。以下列测试脚本为例:

f ( isset($_POST["f_login"] ) )

{

连接数据库...

...代码略...

检查用户是否存在

<ol class="dp-xml">
<li class="alt"><span><span>$</span><span class="attribute">t_strUname</span><span> = $_POST["f_uname"];  </span></span></li>
<li>
<span>$</span><span class="attribute">t_strPwd</span><span> = $_POST["f_pwd"];  </span>
</li>
<li class="alt">
<span>$</span><span class="attribute">t_strSQL</span><span> = </span><span class="attribute-value">"SELECT * FROM tbl_users WHERE username='$t_strUname' AND password = '$t_strPwd' LIMIT 0,1"</span><span>;  </span>
</li>
<li>
<span>if ( $</span><span class="attribute">t_hRes</span><span> = </span><span class="attribute-value">mysql_query</span><span>($t_strSQL) )  </span>
</li>
<li class="alt"><span>{  </span></li>
<li><span>// 成功查询之后的处理. 略...  </span></li>
<li class="alt"><span>}  </span></li>
<li><span>}  </span></li>
<li class="alt">
<span class="tag">?></span><span> </span>
</li>
<li><span class="tag"><span class="tag-name">html</span><span class="tag">></span><span class="tag"><span class="tag-name">head</span><span class="tag">></span><span class="tag"><span class="tag-name">title</span><span class="tag">></span><span>sample test</span><span class="tag"></span><span class="tag-name">title</span><span class="tag">></span><span class="tag"></span><span class="tag-name">head</span><span class="tag">></span><span> </span></span></span></span></li>
<li class="alt"><span class="tag"><span class="tag-name">body</span><span class="tag">></span><span> </span></span></li>
<li><span class="tag"><span class="tag-name">form</span><span> </span><span class="attribute">method</span><span>=</span><span class="attribute-value">post</span><span> </span><span class="attribute">action</span><span>=</span><span class="attribute-value">""</span><span class="tag">></span><span> </span></span></li>
<li class="alt">
<span>Username: </span><span class="tag"><span class="tag-name">input</span><span> </span><span class="attribute">type</span><span>=</span><span class="attribute-value">"text"</span><span> </span><span class="attribute">name</span><span>=</span><span class="attribute-value">"f_uname"</span><span> </span><span class="attribute">size</span><span>=</span><span class="attribute-value">30</span><span class="tag">></span><span class="tag"><span class="tag-name">br</span><span class="tag">></span><span> </span></span></span>
</li>
<li>
<span>Password: </span><span class="tag"><span class="tag-name">input</span><span> </span><span class="attribute">type</span><span>=</span><span class="attribute-value">text</span><span> </span><span class="attribute">name</span><span>=</span><span class="attribute-value">"f_pwd"</span><span> </span><span class="attribute">size</span><span>=</span><span class="attribute-value">30</span><span class="tag">></span><span class="tag"><span class="tag-name">br</span><span class="tag">></span><span> </span></span></span>
</li>
<li class="alt"><span class="tag"><span class="tag-name">input</span><span> </span><span class="attribute">type</span><span>=</span><span class="attribute-value">"submit"</span><span> </span><span class="attribute">name</span><span>=</span><span class="attribute-value">"f_login"</span><span> </span><span class="attribute">value</span><span>=</span><span class="attribute-value">"登录"</span><span class="tag">></span><span> </span></span></li>
<li>
<span class="tag"></span><span class="tag-name">form</span><span class="tag">></span><span> </span>
</li>
<li class="alt">
<span class="tag"></span><span class="tag-name">body</span><span class="tag">></span><span> </span>
</li>
</ol>
Copy after login

上述的相关内容就是对PHP Mysql 注入 的实现与防范的部分内容的描述,希望会给你带来一些帮助在此方面。


Related labels:
mysql php main accomplish article injection Example precaution
source:php.cn
Previous article:MySQL修改表的实际应用代码示例 Next article:常用MySQL命令的大汇总
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Latest Issues
PHP arrays obtained from URL parameters do not behave as expected I have a URL parameter that contains the category ID and I want to treat it as an array li...
From 2024-04-06 22:09:02
0
1
1428
Where should I place CustomLog directive in apache I'm using php:7.2-apachedocker. I need to disable health check url login access log. Based...
From 2024-04-06 22:03:59
0
1
990
What is the format of the variables in the return value? I am a new learner of php. I found a piece of code: if($x<time()){return[false,'error']...
From 2024-04-06 21:55:20
0
1
778
Problems encountered when using opentbs to generate odt files: values ​​of the same key are displayed in the same row instead of separate columns. I'm using a library called OpenTbs to create odt using PHP, I'm using it because columns a...
From 2024-04-06 20:18:18
0
1
483
Group MySQL results by ID for looping over I have a table with flight data in mysql. I'm writing a php code that will group and displ...
From 2024-04-06 17:27:56
0
1
406
Related Topics
More>
Popular Recommendations
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template