20145331 Wei "Cyber Confrontation" EXP8 Web Foundation

Tags php basics sql injection

Practice content:

1. A simple web front-end page (HTML, CSS, etc.)
2. Simple web back-end data processing (PHP)
3. MySQL database
4. A simple web login page example
5. SQL injection and XSS attacks

Web Front end: HTML Basics

1. First set the Apache port number to 80 (already done in the previous section), then end the process occupying port 80, and then start Apache.

2. Create the file 20145331wsc.html in the /var/www/html directory; this is the front-end file.

Note: to check that the first step succeeded, simply enter localhost:80 in the browser; it shows the fake website from the previous lesson.

3. Next comes the HTML programming; my skill is limited, so I simply wrote a user login interface.

4. Enter the appropriate port number and HTML file name in the browser's URL bar to see the front-end result; unexpectedly, it still looks pretty good.

PHP test

1. As the third picture shows, I set the form's action to 20145331wsc.php, so submitting jumps to this PHP file. I had not written this PHP file yet, so clicking submit of course showed that the file could not be found.

2. Since it was not written, I started writing it; first I wrote a simple PHP file.

3. Put it in the same directory as the HTML file, then click Submit and the page jumps to it.

Web front end: JavaScript basics

1. JavaScript is an interpreted scripting language; it is dynamically typed, weakly typed and prototype-based, with built-in types. Its interpreter, known as the JavaScript engine, is widely used for client-side scripting, and it is used in HTML (an application of the Standard Generalized Markup Language) to add dynamic functionality to web pages.

2. I found a simple example in last semester's Java Web programming book; it warns you that the user name and password cannot be empty.

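<script language="javascript">
// Reject the login form when either field is empty.
// Expects a form named "login" with fields "usrname" and "password".
// This is a client-side convenience check only; the server must validate again.
function isEmpty() {
    var id = document.login.usrname.value;
    var pwd = document.login.password.value;
    if (id == "") {
        alert("请输入用户名!");  // "Please enter a user name!"
        return false;
    }
    if (pwd == "") {
        alert("请输入密码!");  // "Please enter a password!"
        return false;
    }
    return true;
}
</script>
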
Web back end: MySQL Basics

This is basically the database; it is not difficult, but there are many details to pay attention to, for example every command must end with a semicolon!

1. Start the MySQL service first, and log in to MySQL with the initial password. ([email protected])

2. Show the data inside, to get familiar with it.

3. Change the password, so that next time you can type the password by hand; then refresh the privileges:

4. Exit, log in again with the new password, and then get to work: create a new database, check whether it was created successfully, and use it.

5. A database can hold many tables, so we create a new table in the new database.

6. With the table in place, write data into it: I stored my own name and student number (as the user name and password), then checked that they had been stored.

Web back end: PHP Basics

PHP (full name: PHP: Hypertext Preprocessor) is a common open source scripting language. Its syntax borrows features from C, Java and Perl, it is easy to learn and widely used, and it is mainly applied to web development. PHP's syntax mixes that of C, Java and Perl with constructs of its own. It can execute dynamic web pages more quickly than CGI or Perl. Compared with other programming languages, dynamic pages made in PHP embed the program in HTML (an application of the Standard Generalized Markup Language) for execution, which is much more efficient than CGI generating the HTML markup entirely; PHP can also execute compiled code, and compilation can encrypt and optimize the code so that it runs faster.

1. The first step is to create a PHP file, using the code on the cloud to process the login. Note that in the original file you must replace the name of the data table with the one you created earlier, the password with the newly set one, and the database name with the newly created one.

2. After the change, log in with the data stored in the table:

3. Enter something random and log in again; it is not recorded in the data table, so of course the login fails (but a connection is still established, which shows there is no problem with the database connection):

That is the end of the web programming section. The blog is smooth to write, but the process was really rough! Crying.

SQL injection

1. Enter ' or 1=1# as the user name, write anything for the password, and log in (I forgot to capture this step ...).

2. The result is that the login still succeeds; imagine if this were the World of Warcraft login interface, what a feeling:

3. Next, enter '; INSERT INTO lxmtable VALUES ('Zy', '0304'); # as the user name; this is simply a command that adds data to the data table. Enter anything for the password, and the following page appears:

4. But if you now look at the data table, you will find that a new record Zy has been added:

XSS attack test

1. Put a picture in the same directory as the earlier HTML file and enter the user name as shown below; the picture can then be read:
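
A login handler hardened against both tests above (the SQL injection and the XSS input), as an added example that is not the lab's original PHP file. The database name, account, password placeholder and column names are assumptions; the table lxmtable and the form fields usrname and password are the ones named in the post.

```php
<?php
// Added example, not the lab's original PHP file. Assumed placeholders: database
// "labdb", account "labuser", columns "username" and "password". The table
// lxmtable and the form fields usrname/password are the ones named in the post.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

// Vulnerable pattern (an assumption about how such a handler is usually written):
// input is pasted into the SQL text, so a quote in the user name ends the string
// literal and whatever follows it is parsed as SQL.
function vulnerable_query(string $user, string $pwd): string
{
    return "SELECT * FROM lxmtable WHERE username='$user' AND password='$pwd';";
}

// Hardened lookup: the statement text is fixed and the inputs are bound
// parameters, so quotes, '#' and ';' inside them are compared as plain data.
// prepare() also accepts only one statement, so nothing appended can run.
function check_login(mysqli $db, string $user, string $pwd): bool
{
    $stmt = $db->prepare(
        'SELECT 1 FROM lxmtable WHERE username = ? AND password = ? LIMIT 1'
    );
    $stmt->bind_param('ss', $user, $pwd);
    $stmt->execute();
    $stmt->store_result();
    $found = ($stmt->num_rows === 1);
    $stmt->close();
    return $found;
}

// Escape the user name before echoing it, so markup typed into the form is
// shown as text instead of being rendered by the browser.
function greeting(string $user): string
{
    return 'Welcome, ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8');
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $user = is_string($_POST['usrname'] ?? null) ? $_POST['usrname'] : '';
    $pwd  = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';
    // The lab table stores the password as plain text; a real site would store
    // password_hash() output and check it with password_verify().
    $db = new mysqli('127.0.0.1', 'labuser', 'CHANGE_ME', 'labdb');
    echo check_login($db, $user, $pwd) ? greeting($user) : 'Login failed';
    $db->close();
}
```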

Experiment Summary and experience

My Java Web programming ability is not good, so this experiment was somewhat hard for me, but after thinking it over, the general logic is fine and I can understand it (it is really not difficult). Whether entering commands or programming, though, more attention must be paid to the details; a rough idea is not enough. I ran into a problem in the experiment: in the PHP part, after entering the correct user name and password, I could only establish a connection and could not log in successfully. Finally, with the help of classmate Cai (this is not a hint about the experiment!), I found that one line of code in the PHP file was wrong. So details really matter, and it also shows that when a problem appears you should calmly analyze which module actually went wrong, so as to make targeted changes. In short, the experiment was hard work but the results are very satisfying, and it was a great experience. This experiment also improved my ability to analyze problems: encountering problems, analyzing them and solving them is the significance of the experiment and the teacher's purpose in assigning it. Achieving the expected result after long, hard work still brings a sense of accomplishment.

Answers to basic questions

1. What is a form?

A form, I feel, is a box where you can fill in data, select data, and so on; it is mainly used in web pages for data collection.

A form has three basic components: Form labels, form fields, form buttons.

2. What language can the browser run?

Scripting languages such as HTML, XML, PHP, JavaScript, and more.

3. What dynamic languages does webserver support?

JavaScript, JSP, PHP, etc.
