Below, we write an introduction to the MySQL tutorial SQL injection and anti-injection example based on my programming experience.
Introduction to SQL anti-injection:
SQL query is a text language used to interact with the user, SQL uses the external data to send the user submitted to the MySQL database Tutorial server processing, if there is no strict filtering, may result in data loss, such as deleted, modified, and this problem is a network administrator difficult to do things, They cannot be controlled by hitting the system by the ding, or by installing the fire-resistant strong.
Now let's look at a simple user login instance.
First, create user table users
CREATE TABLE User (
UserID (int) not NULL auto_increment,
Username NOT null default ',
Userpass NOT NULL default ',
Primary KEY (UserID)
) type= MyISAM auto_increment=1;
A good watch creates success. Let's first insert a record into user table
Insert INTO ' user ' values (1, ' www.111cn.net ', ' 123456 ');
Now to do the user login code
<?php Tutorial
$root = ' localhost ';
$dbName = ' root ';
$dbpwd = ' 123456 ';
$db = ' UserDB ';
Mysql_connect ($root, $dbName, $dbpwd) or Die (' Database connection failed ');
$sql = "SELECT * from user where username= ' $username" and password= ' $pwd ';
$result =mysql_db_query ($db, $sql);
$ufo = Mysql_fetch_array ($result);
if ($UFO)
{
Echo ' landed success ';
}
Else
{
Echo ' Landing failed ';
}
Okay, now let's do an example to provide a URL to the above PHP processing page
Http://www.111cn.net/test/a.php?user=www.111cn.net ' or ' 1 = 1;
The result is that this SQL can successfully log into our system, not the password I want to wait 12346, okay, let's take a look at an example here.
Http://www.111cn.net/test/a.php?user=www.111cn.net '/*;
Http://www.111cn.net/test/a.php?user=www.111cn.net ' or ' #;
So as long as the user name is correct can also log on the system, in the SQL statement/* and # is the injection of the following SQL,
Well, based on the above questions, we've written a custom function to filter the injection function of a large SQL injection.
function Safesql ()
{
$re = "/(| %27|;| (%3d) | (| (%28) |) | (%29) | (/*)| (%2F%2A) | (%2a%2f) |+| (%2B) | (<| (%3e) | (%3e) | (--))| [|%5d)/";
if (Preg_match ($re, $username)
{
Echo ' Please do not illegal SQL injection ';
Exit
}
Else
{
return turn;
}
Finally, summarize:
Note: This site original article reproduced annotated source www.111cn.net