Anti-XSS attack and SQL injection in PHP _php tutorial

This article simply describes the anti-XSS attacks in PHP and SQL injection in detail, you need to understand the friends can refer to the next.

XSS attack

The code is as follows	Copy Code
Arbitrary code Execution file contains and CSRF. }

There are many articles about SQL attacks and various anti-injection scripts, but none of them can solve the fundamental problem of SQL injection
See Code:

	copy code
!--? php mysql_connect ("Localho St "," root "," 123456 ") or Die (" Database connection failed! "); mysql_select_db ("test1"); $user =$_post[' uid ']; $pwd =$_post[' pass '); if (mysql_query ("select * from where admin = ' username ' = ' $user ' or ' password ' = ' $pwd '") { echo "user successfully logged in:"; br>} eles { echo "user name or password error"; } ?

The

is a very simple piece of code that detects whether a user name or password is correct, but submits some sensitive code in some malicious attacker. The consequences are conceivable: there are 2 ways to inject the post judgment.
1. In the text box of the form form, enter "or ' 1 ' = 1" or "and 1=1"
in the query database statement should be:
SELECT admin from where login = ' user ' = ' or ' 1 ' =1 ' or ' Pass ' = ' xxxx '
of course there will not be any errors, because or in the statement of SQL represents and, or meaning. Of course the error is also indicated.
at the time, we had discovered that all the information of the current table could be queried after the SQL statement could be executed. For example: Correct administrator account and password for login intrusion.
fix 1:
use JavaScript scripts to filter special characters (not recommended, non-certified)
If the attacker disables JavaScript or can make a SQL injection attack:
Fix 2:
uses MySQL's own function to filter.
See code:

The code is as follows	Copy Code
Omit operations such as connecting to a database. $user =mysql_real_escape_string ($_post[' user '); mysql_query ("select * from admin whrer ' username ' = ' $user '"); ?>

Now that we've talked about XSS attacks, let's talk about XSS attacks and precautions.
Submit a form:

The code is as follows	Copy Code
Receive file:

The code is as follows	Copy Code
if (Empty ($_post[' Sub '])) { echo $_post[' test ']; }

A very simple piece of code, here just simulates the next use scenario:
Join an attacker to commit

The code is as follows	Copy Code

On the returned page, you should display the cookie information for the current page.
We can apply to some of the message boards (not filtered in advance), and then when the administrator reviews the change of information to steal cookie information, and sent to the attacker's space or mailbox. An attacker could use a cookie modifier to make a login invasion.
Of course there are a lot of solutions too. Here's an introduction to the most common way.
fix Scenario 1: use JavaScript to escape
Fix Scenario 2: escaping with PHP built-in functions
The code is as follows:

The code is as follows	Copy Code
[Code] if (Empty ($_post[' Sub '])) { $str =$_post[' test ']; Htmlentities ($SRT); Echo $srt; } [HTML]

Well, the cases and fixes for SQL injection attacks and XSS attacks are just about the same.

http://www.bkjia.com/PHPjc/629115.html www.bkjia.com true http://www.bkjia.com/PHPjc/629115.html techarticle This article simply describes the anti-XSS attacks in PHP and SQL injection in detail, you need to understand the friends can refer to the next. The XSS attack code follows the copy code of any code package that executes ...

