Common vulnerabilities and how to handle them

Source: Internet
Author: User
Tags: csrf attack

1. SQL injection

What is SQL injection? It is when a user enters special characters that change the semantics of the original SQL statement.

Let's take a look at the example:

First, create a simple user table to simulate the SQL injection.

Then we simulate the user login:

<?php
// Login check as the page shows it: the user input is pasted straight into the
// SQL string, which is what makes it injectable.
$username = $_POST['username'];
$passwd   = $_POST['passwd'];
$sql = "SELECT * FROM user WHERE username = '$username' AND passwd = '$passwd'";
// $conn is an open mysqli connection (the page used the legacy mysql_query, removed in PHP 7)
$result = mysqli_query($conn, $sql);
// A SELECT returns a result set even with zero rows, so the row count must be checked
if ($result && mysqli_num_rows($result) > 0) {
    echo 'login success';
} else {
    echo 'login failed';
}

If the user enters username=beggar and passwd=123456, this user can log on.

Now consider the user entering username=beggar and passwd=' or '1=1. The SQL statement becomes: select * from user where username='beggar' and passwd='' or '1=1'

The WHERE clause is now always true, so the user logs on successfully without knowing the password.

How to prevent it?

The backend should filter the user input. We can also write a method that processes the received data, such as:

<?php
// Sanitise a request parameter (or an array of values) by type.
// $name is either a parameter name looked up in $_POST/$_GET, or an array of values.
function add_slashes($name, $type) {
    switch ($type) {
        case 'integer':
            if (is_array($name)) {
                foreach ($name as $key => $val) {
                    $name[$key] = intval($val);
                }
            } else {
                if (isset($_POST[$name])) {
                    $name = intval($_POST[$name]);
                } elseif (isset($_GET[$name])) {
                    $name = intval($_GET[$name]);
                }
            }
            break;
        case 'string':
            // get_magic_quotes_gpc() was removed in PHP 8; guard the call so the
            // function still runs there (magic quotes are then simply off).
            $magic = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
            if (!$magic) {
                if (is_array($name)) {
                    foreach ($name as $key => $val) {
                        $name[$key] = addslashes($val);
                    }
                } else {
                    if (isset($_POST[$name])) {
                        $name = addslashes($_POST[$name]);
                    } elseif (isset($_GET[$name])) {
                        $name = addslashes($_GET[$name]);
                    }
                }
            }
            break;
    }
    // strip_tags expects a string, so apply it per element for arrays
    return is_array($name) ? array_map('strip_tags', $name) : strip_tags($name);
}

2. XSS attack

The background receives the data and displays it:

<?php
// The backend echoes the raw input back into the page (kept as the page shows it)
$username = $_POST['username'];
$passwd   = $_POST['passwd'];
echo 'user info:<br/>';
echo 'username: ' . $username . '<br/>';
echo 'passwd: ' . $passwd . '<br/>';
When the user enters the username as <script>alert("You are a bitch! Haha...")</script> (a joke),

the displayed page runs the script and pops up an alert box reading "You are a bitch! Haha...".

How to prevent it?

Use PHP's own strip_tags, htmlspecialchars and htmlentities functions. All three can filter HTML: the first removes all HTML tags, while the second and third escape the HTML tags so they are rendered as text rather than as markup.

3. CSRF attack

The common method is to add a token to the form as a hidden field. The token is a random value; it is sent along when the form is submitted, and the backend compares the received token with the token stored in the session. If the two values are equal the next operation proceeds; otherwise the program aborts the operation.
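The token scheme described above, as an added example that is not part of the original page: the token is generated once per session, embedded in the form as a hidden field, and checked on submission (the form field name csrf_token and the session key are assumptions).

```php
<?php
// Added example: CSRF token stored in the session and echoed into the form.
session_start();

// Issue one random token per session (256 bits from the CSPRNG).
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden field to place inside every state-changing form.
function csrf_hidden_field(): string {
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// Compare the submitted token with the session copy; false means abort.
function csrf_verify(array $post): bool {
    if (!isset($_SESSION['csrf_token'], $post['csrf_token'])) {
        return false;
    }
    // hash_equals does a constant-time comparison of the two strings.
    return hash_equals($_SESSION['csrf_token'], (string) $post['csrf_token']);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_verify($_POST)) {
        http_response_code(403);
        exit('invalid CSRF token, operation aborted');
    }
    // Token matched: carry on with the real operation here.
    echo 'form accepted';
} else {
    echo '<form method="post">'
       . csrf_hidden_field()
       . '<input type="text" name="username">'
       . '<button type="submit">Submit</button>'
       . '</form>';
}
```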
