ImitationsqlInjection
##SEO:
1, if optimized, the title part is very important, the ## used to optimize the keywords of our website
#Search engines will classify your website based on keywords. If the website weight is high, when users search for keywords, they will see your website first
2, Japanese website --- points to the English website, indicating that the Japanese website voted for the English website. If the Japanese website voted for the English website, The more votes you cast, the better the English website is
PreventSQL injection:
1select()will query all records
find()Only one record will be queried
Write a simple username verification, write'or 1 or' in the username form. Prompt that the username is correct,
# Thought question: Why did it succeed without verification?
#echo $model->getLastsql();//Print out the sql statement
After querying the executedsql statement, we found that the cause of sql injection was the single quote
Because:##1
, through php ##Magic quotes, to escape the data entered by the user The lower version of php is enabled by default, which will automatically Escape the data entered by the user
php.ini in
is enabled and changed to
Magic_quotes_gpc=On
can prevent correct verification
##2and escape the data submitted by the user
Call theaddslashes()
function of php##$username= addslashes($_POST['username']);Use the addslashes function to process 3
, and use the ## ofthinkphp #System variablesGet external data $this->_server
## thinkphpSystem constants (4)
$this->_post('username', 'addslashes');
4, using arrayastp in the frame wherecondition
##5, directly write the query statement as
$list=$model->where('user_name="'.$username.'" and dept_id="'.$password.'"')-> select();The login will not be successful
Example:
//仿sql注入 public function login(){ $this->display(); } public function verify(){ //用户名'or 1 or'登录会提示登录成功,是不正确的 //方法1修改ini.php $username=$_POST['username']; $password=$_POST['password']; //方法2 /*$username=addslashes($_POST['username']); $password=$_POST['password']; //方法3 $this->_post('username','addslashes'); $password=$_POST['password']; //方法4数组 $cond['user_name']=$username; $cond['dept_id']=$password; $list=$model->where($cond)->find();*/ $model=M('User'); //方法5 // $list=$model->where('user_name="'.$username.'" and dept_id="'.$password.'"')->select(); $list=$model->where("user_name='$username' and dept_id='$password'")->select(); echo $model->getLastsql();//打印出sql语句 if($list){ echo '登录成功'; }else{ echo '登录失败'; } }
<form action="URL/verify" method="post"> 用户名:<input type="text" name="username"> 密码:<input type="text" name="password"> <input type="submit" value="提交"> </form>
Related recommendations:
Examples of methods to prevent SQL injection in PHP
The above is the detailed content of Use TP framework to imitate SQL attack injection. For more information, please follow other related articles on the PHP Chinese website!