简体中文(ZH-CN) English(EN) 繁体中文(ZH-TW) 日本語(JA) 한국어(KO) Melayu(MS) Français(FR) Deutsch(DE)
Home > Backend Development > PHP Tutorial > body text

终竟什么是sql注入

WBOY
Release: 2016-06-13 12:19:22
Original
1034 people have browsed it

到底什么是sql注入
因为刚学php,但总是看到别人在写php代码时总是写一些提防sql注入的句子,到底啥是sql注入呢?好象一些特殊符号写进数据库中就行了,但我有疑问是,这些特殊符号如\ '等就是写进去了,又能咋样呢?也不会对安全造成威胁
------解决思路----------------------
简单举个例子

例如要检查用户登入输入的用户名和密码是否正确。

$username = 'fdipzone';
$password = '123456';
$sql = "select * from table where username='".$username."' and password='".$password."'";


但如果$password我填入了以下的字符,就能绕过检查了。
$password = "abc' or '1'='1"
查询语句就会变成
select * from table where username='fdipzone' and password='abc' or '1'='1'
这样无论username与password输入什么都能正常通过。


防注入就是把一些会影响的字符转义,例如 ' 等。

Related labels:
nbsp sql
source:php.cn
Previous article:php-cgi占用100%,有关问题很离谱 Next article:php获取ftp xml解决办法
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Latest Issues
function_exists() cannot determine the custom function Function test () {return true;} if (function_exists ('test')) {echo "test is function...
From 2024-04-29 11:01:01
0
2
1429
There is no output in the parent window document.onclick = function(){ window.opener.document.write('I am the output of the child ...
From 2024-04-18 23:52:34
0
1
1284
PX automatic conversion to REM error  <style>html {   font-size: calc(100vw / 3.75);      }...
From 2024-04-16 09:34:16
0
0
4687
Related Topics
More>
Popular Recommendations
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!