Introduction to sql injection and XSS attacks in php

mysql_connect("localhost","root","123456")or die("Database connection failed!");
mysql_select_db("test1");
$user=$_post[ 'uid'];
$pwd=$_POST['pass'];
if(mysql_query("SELECT * from where
admin
= `username`='$user' or `password`='$pwd'") {
echo "The user logged in successfully..";
} eles {
echo "The username or password is incorrect";
}
?>

The above code is used to detect whether the username or password is correct Correct, but if you submit some sensitive code to some malicious attackers, the consequences can be imagined

.

There are two ways to judge injection. 1. Enter "or‘1'=1" or "and 1=1" in the text box of the form. The statement to query the database should be: SELECT admin from where login = `user`=''or'1'=1' or `pass`='xxxx' Of course, there will be no errors, because or represents and or means in the sql statement. Of course, errors will also be prompted. At that time, we had discovered that we could query all the information of the current table after executing the SQL statement. For example: correct administrator account and password for login intrusion. .

Fix method 1: Use javascript scripts to filter special characters (not recommended, indicators do not cure the root cause) If the attacker disables javascript, he can still conduct SQL injection attacks. .

Repair method 2: Use mysql's built-in function to filter.

// Omit operations such as connecting to the database
$user=mysql_real_escape_string($_POST['user']);
mysql_query("select * from admin whrer `username`='$user' ");
?>

2, XSS attacks and prevention. submit Form:

Receive files:

if(empty($_POST['sub'])){
echo $_POST['test'];
}

The code is very simple, just simulated use Scenes.

3. Add attacker submission The cookie information of the current page should be displayed on the returned page. We can apply it to some message boards (which are not filtered in advance), and then steal the COOKIE information when the administrator reviews the modified information and send it to the attacker's space or mailbox. Attackers can use cookie modifiers to perform login intrusions.

The following introduces one of the most commonly used solutions. Fix 1: Use javascript to escape Fix 2: Use PHP built-in functions to escape

if(empty($_POST['sub'])){
$str=$_POST['test'];
htmlentities($srt);
echo $srt;
 }