Introduction to sql injection and XSS attacks in php
The above code is used to detect whether the username or password is correct Correct, but if you submit some sensitive code to some malicious attackers, the consequences can be imagined .There are two ways to judge injection. 1. Enter "or‘1'=1" or "and 1=1" in the text box of the form. The statement to query the database should be: SELECT admin from where login = `user`=''or'1'=1' or `pass`='xxxx' Of course, there will be no errors, because or represents and or means in the sql statement. Of course, errors will also be prompted. At that time, we had discovered that we could query all the information of the current table after executing the SQL statement. For example: correct administrator account and password for login intrusion. . Fix method 1: Use javascript scripts to filter special characters (not recommended, indicators do not cure the root cause) If the attacker disables javascript, he can still conduct SQL injection attacks. . Repair method 2: Use mysql's built-in function to filter.
2, XSS attacks and prevention. submit Form: Receive files:
The code is very simple, just simulated use Scenes. 3. Add attacker submission The cookie information of the current page should be displayed on the returned page. We can apply it to some message boards (which are not filtered in advance), and then steal the COOKIE information when the administrator reviews the modified information and send it to the attacker's space or mailbox. Attackers can use cookie modifiers to perform login intrusions. The following introduces one of the most commonly used solutions. Fix 1: Use javascript to escape Fix 2: Use PHP built-in functions to escape
|

Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

AI Hentai Generator
Generate AI Hentai for free.

Hot Article

Hot Tools

Notepad++7.3.1
Easy-to-use and free code editor

SublimeText3 Chinese version
Chinese version, very easy to use

Zend Studio 13.0.1
Powerful PHP integrated development environment

Dreamweaver CS6
Visual web development tools

SublimeText3 Mac version
God-level code editing software (SublimeText3)

Hot Topics

11 Best PHP URL Shortener Scripts (Free and Premium)

Working with Flash Session Data in Laravel

Build a React App With a Laravel Back End: Part 2, React

Simplified HTTP Response Mocking in Laravel Tests

cURL in PHP: How to Use the PHP cURL Extension in REST APIs

12 Best PHP Chat Scripts on CodeCanyon

Announcement of 2025 PHP Situation Survey
