When there is injection in PHP web application, how to write user login to prevent bypassing login through injection
Assume that the conditions cannot be changed, do not answer to prevent injection
General 2 ways to write
·
1
$sql = "select * from user where user_name=$username and password=$password";
$res = $db_obj->get_one($sql);
if($ res){
//Login successful
}
·
·
2
$sql = "select * from user where user_name=$username";
$res = $db_obj->get_one($sql);
if( $res[password]==md5($password)){
//Login successful
}
·
Both of the above 2 can be bypassed, please write safely
When there is injection in PHP web application, how to write user login to prevent bypassing login through injection
Assume that the conditions cannot be changed, do not answer to prevent injection
General 2 ways to write
·
1
$sql = "select * from user where user_name=$username and password=$password";
$res = $db_obj->get_one($sql);
if($ res){
//Login successful
}
·
·
2
$sql = "select * from user where user_name=$username";
$res = $db_obj->get_one($sql);
if( $res[password]==md5($password)){
//Login successful
}
·
Both of the above 2 can be bypassed, please write safely
Since there is an injection vulnerability, not only the login can be bypassed, but also your database is unsafe. If you know your table structure, inserting an administrator account is also very simple. So the key is to prevent injection, not what to do after injection.
The simplest
$sql = "select * from user where user_name='".addslashes($username)."'";
Isn’t the general way of writing using orm to read and write the database?
Handwritten sql is inherently unsafe
Use PDO prepared statements
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
