Mysql paging negative SQL attack

Mysql paging negative SQL attack
1. Attack Analysis

CleverCode's O & M colleague told me that when he checked the mysql error log, he found a large number of errors, so someone was attacking a specific address. This error occurs because mysql does not support negative numbers at limit. Usually when we paging, URLs are generally written as http://xxx.com? Page = 1 & pageSize = 20, that is, get the first page of data. 20 rows per page. But if it's a http://xxx.com? Page =-1 & pageSize = 20. The following error occurs.

2. Problematic PHP code

 

Function getUserLoginLog ($ page, $ pageSize) {// check if (! Is_int ($ page) |! Is_int ($ pageSize) {return ;}$ start = ($ page-1) * $ pageSize; $ sqlStr = "select * from user_login_log order by id desc limit $ start, $ pageSize "; // run the SQL statement //..... // If page =-1 and pageSize = 20, the preceding statement becomes // $ sqlStr = "select * from user_login_log order by id desc limit-40, 20 ";}

3. PHP code to prevent attacks

You only need to judge $ page and $ pageSize as a positive integer.

 

Function getUserLoginLog ($ page, $ pageSize) {// check if (! Is_int ($ page) |! Is_int ($ pageSize) {return ;}// positive integer check if ($ page <1 | $ pageSize <1) {return ;}$ start = ($ page-1) * $ pageSize; $ sqlStr = "select * from user_login_log order by id desc limit $ start, $ pageSize"; // run the SQL statement //.....}