php sql injection cheat sheet

The principle of a function to prevent SQL injection is to use regular expressions to match the syntax of SQL injection and add restrictions, which effectively limits SQL injection. The principle of a function to prevent

For SQL injection and anti-injection is actually an attack and defense, today we want to tell you the most basic injection and prevention methods, the principle is to take advantage of some PHP or MySQL features and we did not pay attention to the cause. A simple

SQL Injection and anti-injection are actually attacks and defenses. Today we want to tell you the most basic injection and prevention methods, the principle is caused by the use of some features of php or mysql. A simple SQL

Talking about PHP security and anti-SQL injection, prevent XSS attack, anti-theft chain, anti-CSRF Objective: First of all, the author is not a web security experts, so this is not a Web security expert-level article, but learning notes, careful summary of the article, there are some of our phper not easy to find or say not to pay attention to things. So I writ

1. The magic_quotes_gpc option in the php. ini configuration file of the php tutorial is not enabled and is set to off. 2. The developer does not check and escape the data type. But in fact, the second point is the most important. In my opinion, it should be the most basic quality for a web programmer to check the data types entered by users and submit the correct data types to the mysql tutorial. But in re

executed several SQL commands in the background by code, showing the names of all the tables. So the mysql_query () function can take the role of further protection. We further evolve the code just now to get the following code: The code is as follows Copy Code ?Connection$database = mysql_connect ("localhost", "username", "password");DB selectionmysql_select_db ("Database", $database);$q = mysql_query ("SELECT" id ' from

1. The MAGIC_QUOTES_GPC option in PHP tutorial configuration file php.ini is not turned on and is set to off 2. The developer does not check and escape the data type But in fact, the 2nd is the most important. I think that checking the type of data entered by the user and submitting the correct data type to the MySQL tutorial should be the most basic quality of a web programmer. But in reality, many small white web developers often forget this, causi

normal administrative user, you can query to the data! In fact, there are many "user names" that can be injected into SQL, such as: ' or 1 or ' 1 Select * from where admin_name="or1or" and Admin_ Pass=MD5 ('ewsdfgbnvb') Special emphasis: 1, not only when the user logged in, the SQL statement can be injected, any other user's data as long as the implementation, it is possible to inject! 2,

1. The MAGIC_QUOTES_GPC option in the PHP tutorial configuration file php.ini is not turned on and is set to off 2. The developer did not check and escape the data type But in fact, the 2nd is the most important. I think that it is the most basic quality of a web programmer to check the data type entered by the user and submit the correct data type to the MySQL tutorial. But in reality, many small white web developers often forget this, leading to a

PHP to prevent the SQL injection method in detail, phpsql injection of detailed Problem Description:If the data entered by the user is inserted into an SQL query statement without processing, then the application is likely to suffer a S