Anti-XSS attack and SQL injection in PHP _php tutorial

Source: Internet
Author: User
Tags sql injection attack
This article simply describes the anti-XSS attacks in PHP and SQL injection in detail, you need to understand the friends can refer to the next.

XSS attack

The code is as follows Copy Code

Arbitrary code Execution
file contains and CSRF.
}


There are many articles about SQL attacks and various anti-injection scripts, but none of them can solve the fundamental problem of SQL injection
See Code:

copy code


!--? php
mysql_connect ("Localho St "," root "," 123456 ") or Die (" Database connection failed! ");
mysql_select_db ("test1");
$user =$_post[' uid '];
$pwd =$_post[' pass ');
if (mysql_query ("select * from where
admin
= ' username ' = ' $user ' or ' password ' = ' $pwd '") {
echo "user successfully logged in:"; br>} eles {
echo "user name or password error";
}
?

The

is a very simple piece of code that detects whether a user name or password is correct, but submits some sensitive code in some malicious attacker. The consequences are conceivable: there are 2 ways to inject the post judgment.
1. In the text box of the form form, enter "or ' 1 ' = 1" or "and 1=1"
in the query database statement should be:
SELECT admin from where login = ' user ' = ' or ' 1 ' =1 ' or ' Pass ' = ' xxxx '
of course there will not be any errors, because or in the statement of SQL represents and, or meaning. Of course the error is also indicated.
at the time, we had discovered that all the information of the current table could be queried after the SQL statement could be executed. For example: Correct administrator account and password for login intrusion.
fix 1:
use JavaScript scripts to filter special characters (not recommended, non-certified)
If the attacker disables JavaScript or can make a SQL injection attack:
Fix 2:
uses MySQL's own function to filter.
See code:

The code is as follows Copy Code

Omit operations such as connecting to a database.
$user =mysql_real_escape_string ($_post[' user ');
mysql_query ("select * from admin whrer ' username ' = ' $user '");
?>

Now that we've talked about XSS attacks, let's talk about XSS attacks and precautions.
Submit a form:

The code is as follows Copy Code

Receive file:

The code is as follows Copy Code

if (Empty ($_post[' Sub '])) {
echo $_post[' test '];
}

A very simple piece of code, here just simulates the next use scenario:
Join an attacker to commit

The code is as follows Copy Code

On the returned page, you should display the cookie information for the current page.
We can apply to some of the message boards (not filtered in advance), and then when the administrator reviews the change of information to steal cookie information, and sent to the attacker's space or mailbox. An attacker could use a cookie modifier to make a login invasion.
Of course there are a lot of solutions too. Here's an introduction to the most common way.
fix Scenario 1: use JavaScript to escape
Fix Scenario 2: escaping with PHP built-in functions
The code is as follows:

The code is as follows Copy Code
[Code]
if (Empty ($_post[' Sub '])) {
$str =$_post[' test '];
Htmlentities ($SRT);
Echo $srt;
}
[HTML]


Well, the cases and fixes for SQL injection attacks and XSS attacks are just about the same.

http://www.bkjia.com/PHPjc/629115.html www.bkjia.com true http://www.bkjia.com/PHPjc/629115.html techarticle This article simply describes the anti-XSS attacks in PHP and SQL injection in detail, you need to understand the friends can refer to the next. The XSS attack code follows the copy code of any code package that executes ...

  • Related Article

    Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.