关于sql注入的请问
关于sql注入的请教
刚才看了这个帖子
http://topic.csdn.net/u/20121011/08/ed0d9538-0ed1-49c4-95c3-0fc1ef686aa2.html
他的登录代码是这样的:
- PHP code
<!-- Code highlighting produced by Actipro CodeHighlighter (freeware) http://www.CodeHighlighter.com/ -->$username = $_REQUEST['username']; $password = $_REQUEST['password']; $sql="select * from users where username='$username' and password='$password'";
后来根据他的方法,在知道用户名的情况下确实可以绕过密码提交登录成功。
不过他的方法首要先满足get_magic_quotes_gpc过滤关闭的情况下,这是基础条件。
然后他的登录代码似乎太落后了,现在的密码一般都是用md5加密一下,比如我的登录验证一般是这样写的:
- PHP code
<!-- Code highlighting produced by Actipro CodeHighlighter (freeware) http://www.CodeHighlighter.com/ -->$username = $_REQUEST['username']; $password = md5($_REQUEST['password']);//改了这行 $sql="select * from users where username='$username' and password='$password'";
这样提交表单得到的$sql就成了:
Select * from users where username='sean' and password='7e2705cbd698f255b7fe11eff40de898'
像这种情况应该怎么注入呢?
------解决方案--------------------
不是还有 $username 吗?干嘛非要是 $password
只要 magic_quotes_gpc = on 这些小儿科的攻击立即失效
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1382
52
What does php request mean?
Jul 07, 2021 pm 01:49 PM
The Chinese meaning of request is "request". It is a global variable in PHP and is an array containing "$_POST", "$_GET" and "$_COOKIE". The "$_REQUEST" variable can obtain data and COOKIE information submitted by POST or GET.
How to use the urllib.request.urlopen() function to send a GET request in Python 3.x
Jul 30, 2023 am 11:28 AM
How to use the urllib.request.urlopen() function in Python3.x to send a GET request. In network programming, we often need to obtain data from a remote server by sending an HTTP request. In Python, we can use the urllib.request.urlopen() function in the urllib module to send an HTTP request and get the response returned by the server. This article will introduce how to use
Asynchronous processing method of Select Channels Go concurrent programming using golang
Sep 28, 2023 pm 05:27 PM
Asynchronous processing method of SelectChannelsGo concurrent programming using golang Introduction: Concurrent programming is an important area in modern software development, which can effectively improve the performance and responsiveness of applications. In the Go language, concurrent programming can be implemented simply and efficiently using Channels and Select statements. This article will introduce how to use golang for asynchronous processing methods of SelectChannelsGo concurrent programming, and provide specific
How to hide the select element in jquery
Aug 15, 2023 pm 01:56 PM
How to hide the select element in jquery: 1. hide() method, introduce the jQuery library into the HTML page, you can use different selectors to hide the select element, the ID selector replaces the selectId with the ID of the select element you actually use; 2. css() method, use the ID selector to select the select element that needs to be hidden, use the css() method to set the display attribute to none, and replace selectId with the ID of the select element.
How to implement change event binding of select elements in jQuery
Feb 23, 2024 pm 01:12 PM
jQuery is a popular JavaScript library that can be used to simplify DOM manipulation, event handling, animation effects, etc. In web development, we often encounter situations where we need to change event binding on select elements. This article will introduce how to use jQuery to bind select element change events, and provide specific code examples. First, we need to create a dropdown menu with options using labels:
What is the Request object in PHP?
Feb 27, 2024 pm 09:06 PM
The Request object in PHP is an object used to handle HTTP requests sent by the client to the server. Through the Request object, we can obtain the client's request information, such as request method, request header information, request parameters, etc., so as to process and respond to the request. In PHP, you can use global variables such as $_REQUEST, $_GET, $_POST, etc. to obtain requested information, but these variables are not objects, but arrays. In order to process request information more flexibly and conveniently, you can
How to encapsulate Vue3 Axios interceptor into request file
May 19, 2023 am 11:49 AM
1. Create a new file called request.js and import Axios: importaxiosfrom'axios'; 2. Create a function called request and export it: This will create a function called request and export it Set up a new Axios instance with a base URL. To add timeout settings in a wrapped Axios instance, you can pass the timeout option when creating the Axios instance. exportconstrequest=axios.create({baseURL:'https://example.
php提交表单通过后,弹出的对话框怎样在当前页弹出,该如何解决
Jun 13, 2016 am 10:23 AM
php提交表单通过后,弹出的对话框怎样在当前页弹出php提交表单通过后,弹出的对话框怎样在当前页弹出而不是在空白页弹出?想实现这样的效果:而不是空白页弹出:------解决方案--------------------如果你的验证用PHP在后端,那么就用Ajax;仅供参考:HTML code
