Implementation and Prevention example of PHP Mysql Injection

The following articles mainly introduce the implementation and prevention of PHP Mysql injection. In my opinion, the main cause of SQL injection attacks is the following two reasons. 1) The magic_quotes_gpc option in the php configuration file php. ini is disabled.

2). The developer does not check and escape the data type.

But in fact, the second point is the most important. In my opinion, it should be the most basic quality for web programmers to check the data types entered by users and submit the correct data types to MYSQL. But in reality, many small Web developers often forget this, leading to a wide open backdoor.

Why is the implementation and prevention of PHP Mysql injection the second most important? Without the second guarantee, the magic_quotes_gpc option may cause SQL injection attacks, whether on or off. The following describes the technical implementation:

Injection Attack when magic_quotes_gpc = Off

Magic_quotes_gpc = Off is a very insecure option in php. The new php version has changed the default value to On. However, there are still a considerable number of server options that are off. After all, some old servers are also used.

When magic_quotes_gpc = On, it will include all '(single quotes),' (double signs), \ (backslash), and white space characters in the submitted variables, \ is automatically added to the front \. The official instructions for php are as follows:

 
 

  
  
magic_quotes_gpc boolean  
  
  
Sets the magic_quotes state for GPC (Get/Post/Cookie) operations. 
When magic_quotes are on, all ‘ (single-quote), ” (double quote), 
\ (backslash) and NUL’s are escaped with a backslash automatically  
 
 

If there is no escape, that is, off, attackers can take advantage of it. The following test script is used as an example:

<?

F (isset ($ _ POST ["f_login"])

{

Connect to the database...

... Code omitted...

Check whether the user exists

 
 

  
  
$ T_strUname = $ _ POST ["f_uname"];
  
  
$ T_strPwd = $ _ POST ["f_pwd"];
  
  
$ T_strSQL = "SELECT * FROM tbl_users WHERE username = '$ t_strUname' AND password = '$ t_strPwd' LIMIT ";
  
  
If ($ t_hRes = mysql_query ($ t_strSQL ))
  
  
{
  
  
// Processing after successful query...
  
  
}
  
  
}
  
  
?>
  
  
<Html>  
  
<Body>
  
  
<Form method = post action = "">
  
  
Username: <input type = "text" name = "f_uname" size = 30> <br>
  
  
Password: <input type = text name = "f_pwd" size = 30> <br>
  
  
<Input type = "submit" name = "f_login" value = "Logon">
  
  
</Form>
  
  
</Body>
 
 

The above content describes the implementation and prevention of PHP Mysql injection, hoping to help you in this aspect.