Analysis of preventing SQL injection method in PHP login
Prevent SQL injection These details are usually in the main idea of the programmer or novice programmers, they did not submit the data submitted by some very filtering so as to give you a test on the breach of your database, the following I come to a simple user login without security configuration may occur SQL injection method, Let's take a look below.
For example, the following login code:
The code is as follows |
|
if ($l = @mysql_connect (' localhost ', ' root ', ' 123 ')) or Die (' Database connection failed '); mysql_select_db (' Test '); Mysql_set_charset (' UTF8 '); $sql = ' Select ' from test where username = "$username" and password = "$password"; $res = mysql_query ($sql); if (mysql_num_rows ($res)) { Header (' location:./home.php '); }else{ Die (' input error '); } |
Note that the above SQL statement, there is a great security risk, if you use the following universal password and universal user name, then you can easily access the page:
code as follows |
|
1. $sql = ' Select ' from test where username = "* * *" and password = "* * *" or 1 = "1" '; |
It is clear that the universal password for this SQL statement is: * * = "or 1 =" 1
code as follows |
|
2. $sql = ' SELECT * FROM test where username = "* * *" UNION SELECT * FROM users/* and password = "* * *"; |
Forward slash * indicates that the following does not execute, MySQL support Union union query, so directly query out all the data; So the universal user name for this SQL statement is: * * * "UNION SELECT * FROM users/*
However, this injection only targets the SQL statements in the code, if
The code is as follows |
|
$sql = "SELECT * FROM Test where username = $username and password = $password"; |
The above injection is at least useless, but the method is the same;
After using PDO, SQL injection can be completely avoided, and in this fast-developing era, the framework is rampant, without much consideration for SQL injection.
The following is a collation of two preventing SQL registration functions
The code is as follows |
|
/* Filter all get over variables */ foreach ($_get as $get _key=> $get _var) { if (Is_numeric ($get _var)) { $get [Strtolower ($get _key)] = Get_int ($get _var); } else { $get [Strtolower ($get _key)] = Get_str ($get _var); } } /* Filter all post-over variables */ foreach ($_post as $post _key=> $post _var) { if (Is_numeric ($post _var)) { $post [Strtolower ($post _key)] = Get_int ($post _var); } else { $post [Strtolower ($post _key)] = Get_str ($post _var); } } /* Filter Function */ Integer Filter function function Get_int ($number) { Return Intval ($number); } string-Type Filter function function Get_str ($string) { if (!GET_MAGIC_QUOTES_GPC ()) { Return addslashes ($string); } return $string; } |
And some blogs will write this
code as follows |
|
function Post_check ($post) { if (!GET_MAGIC_QUOTES_GPC ())//Determine if MAGIC_QUOTES_GPC is open { $post = Addslashes ($post); To filter the submission data without opening the MAGIC_QUOTES_GPC } $post = Str_replace ("_", "\_", $post); Filter out the ' _ ' $post = str_replace ("%", "\%", $post); Filter out the '% ' $post = NL2BR ($post); Carriage return Conversion $post = Htmlspecialchars ($post); HTML markup Conversions return $post; } ?> |
http://www.bkjia.com/PHPjc/873235.html www.bkjia.com true http://www.bkjia.com/PHPjc/873235.html techarticle Prevention of SQL injection method analysis in PHP login to prevent SQL injection these details are generally seen in the main idea of programmers or novice programmers, they do not submit data to the user to do ...