Home > Developer > Web Develop

2017-2018-2 20155203 "Network countermeasure technology" Exp8:web Foundation

Source: Internet
Author: User
Tags php basics
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Basic question Answer (1) What is a form 
    我认为,form概念主要区分于table,table是用网页布局设计,是静态的,form是用于显示和收集信息传递到服务器和后台数据库中,是动态的;    以下是表单的百度百科:   表单在网页中主要负责数据采集功能。一个表单有三个基本组成部分:   表单标签:这里面包含了处理表单数据所用CGI程序的URL以及数据提交到服务器的方法。   表单域:包含了文本框、密码框、隐藏域、多行文本框、复选框、单选框、下拉选择框和文件上传框等。   表单按钮:包括提交按钮、复位按钮和一般按钮;用于将数据传送到服务器上的CGI脚本或者取消输入,还可以用表单按钮来控制其他定义了处理脚本的处理工作。
(2) The browser can parse what language to run. 
   HTML(超文本标记语言)、XML(可扩展标记语言)以及Python、PHP、JavaScript、ASP等众多脚本语言。
(3) What dynamic languages are supported by webserver
Practice Summary and experience

Learning the use of html,jsp,php and other languages, learned a lot of useful things, but also learned in the database of knowledge practice. Web Programming is fun ~

Practice Process record 1. Web Front end: HTML Basics

Static Web page

<! DOCTYPE HTML PUBLIC "-//w3c//dtd HTML 4.01 transitional//en" "Http://www.w3.org/TR/html4/loose.dtd" >

2. Web Front end: Javascipt Foundation

Dynamic Web pages, where the code contains function functions.

3. Web back end: MySQL Basics

After the last use of the official source download installed OpenVAS, you cannot use MySQL, re-use Zhong ke source updates,

Insufficient memory to recover snapshot

[email protected]:~#/etc/init.d/mysql start[OK] starting MySQL (via Systemctl): Mysql.service. [email protected]:~# mysql-u root-penter Password: (initial) [EMAIL&NBSP;PROTECTED]MARIADB [(None)]> show databases ;+--------------------+| Database |+--------------------+| Information_schema | | MySQL | | Performance_schema |+--------------------+mariadb [(none)]> use Mysql;database changedmariadb [mysql]> Select User, password, host from user;//view Current user information +------+----------+-----------+| user | password | Host |+------+----------+-----------+|          Root | | localhost |+------+----------+-----------+mariadb [mysql]> UPDATE user SET Password=password ("20155203") WHERE user = ' root ';//change root password mariadb [mysql]> flush privileges;//Update permissions mariadb [mysql]> CREATE DATABASE 20155203dukx; Query OK, 1 row affected (0.01 sec) MariaDB [mysql]> use 20155203dukx;//CREATE DATABASE and open MariaDB [20155203dukx]> CREATE table Usertest1 (student VARCHAR), password VarchAR (+), identity VARCHAR (20));//create a new table that indicates the table contains the contents and the length of each item varcharquery OK, 0 rows affected (0.14 sec) MariaDB [20155203dukx] > INSERT into Usertest1 values (' 20155203 ', ' 20155203 ', ' student ');  Query OK, 1 row affected (0.01 sec) MariaDB [20155203dukx]> select * from Usertest1; +----------+----------+----------+| Student | password | Identity |+----------+----------+----------+| 20155203 | 20155203 | Student |+----------+----------+----------+1 row in Set (0.00 sec)//insert record and view, replace * with keywords you want to find, you can use to find records related to keywords. MariaDB [20155203dukx]> Grant Select (Insert,update,delete) on 20155203dukx.* to [email protected] identified by "20155203";//create a new user and give it permission.


Do not enter a semicolon, it will always appear "--"

4. Web Back-end: PHP Basics
<?php$uname=($_POST["username"]);$pwd=($_POST["password"]);$iden=($_POST["identity"]);//自行选择需要匹配的项目进行添加网页的表单action使用post,若使用get就改成get/* echo $uname; */$query_str="SELECT * FROM usertest1 where username=‘$uname‘ and password=‘$pwd‘ and identity=‘$iden‘;";//从自己的表单里select/* echo "<br> {$query_str} <br>";*/$mysqli = new mysqli("127.0.0.1", "dukx", "20155203", "20155203dukx");//b不要使用root一般会失败,可能是因为数据库的权限问题/* check connection */if ($mysqli->connect_errno) {    printf("Connect failed: %s\n", $mysqli->connect_error);    exit();}echo "connection ok!";/* Select queries return a resultset */if ($result = $mysqli->query($query_str)) {    if ($result->num_rows > 0 ){        echo "<br> Wellcome login Mr/Mrs:{$uname} <br> ";//这里可以链接自己写的登陆页面    } else {        echo "<br> login failed!!!! <br> " ;    }    /* free result set */    $result->close();}$mysqli->close();?>

PHP test; see what's Under/etc/password:

Add PHP Backend: Login Successful

5. SQL injection
    1. In the User name input box, enter
      ‘ or 1=1#The synthetic SQL query statement is
      select * from lxmtable where username=‘‘ or 1=1#‘ and password=‘‘
      , #会把后面的内容都注释掉, and 1=1 is always true, so this search must match the success, so it can be successfully landed

    1. To change this sentence in the back-end PHP file to execute multiple sentencesif ($result = $mysqli->multi_query($query_str))
      At the same time, the size of the text box entered by the user name in the HTML file has to be changed.
      After you enter the user name input box that says ‘;insert into usertest1 values(‘20155204‘,‘5204‘,‘student‘);# Select, you also execute the INSERT statement with the following result:

6. XSS Attack test

Retrieve the image under the directory, that is, the /var/www/html Web page source file directory, input。。。</a>

2017-2018-2 20155203 "Network countermeasure technology" Exp8:web Foundation

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
new technology stocks 2017 web technology books techsoup global network technology donation program network web mcv foundation razoo foundation siu foundation

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More