Attackers call SQL injection attacks (PHP syntax)

Source: Internet
Author: User

Don't talk about it. Come on!

1. http://www.bkjia.com/Article/200806/27934.html

2. http://www.bkjia.com/Article/201203/125690.html

 

1. What is SQL Injection? view it with the keyword wikipedia.

2. Local test code:

If the form is submitted correctly, print hello, "username"

Otherwise, print "404 not found !"

  1. <SPAN style = "FONT-SIZE: 18px"> <? Php
  2. Require 'config. php ';
  3. $ DBConnection = mysql_connect ("$ dbhost", "$ dbuser", "$ dbpwd ");
  4. Mysql_select_db ("$ dbdatabase ");
  5. If (isset ($ _ GET ['submit ']) & $ _ GET ['submit']) {
  6. $ SQL = "select * from test where name = '". $ _ GET ['username']. "'and password = '". $ _ GET ['Password']. "'";
  7. // Echo $ SQL; exit;
  8. $ Result = mysql_query ($ SQL, $ DBConnection );
  9. $ Num = mysql_num_rows ($ result );
  10. If ($ num> = 1)
  11. {
  12. Echo "hello,". $ _ GET ['username'];
  13. }
  14. Else {
  15. Echo "404 not found ";
  16. }
  17. }
  18. ?>
  19. <Form action = "login. php" method = "GET">
  20. <Table>
  21. <Tr>
  22. <Td> username </td>
  23. <Td> <input type = "textbox" name = "username"/> </td>
  24. <Td> password </td>
  25. <Td> <input type = "textbox" name = "password"> </td>
  26. <Td> submit </td>
  27. <Td> <input type = "submit" name = "submit"> </td>
  28. </Tr>
  29. </Table>
  30. </Form> </SPAN>
<?php require 'config.php';$DBConnection = mysql_connect ( "$dbhost", "$dbuser", "$dbpwd" );mysql_select_db ( "$dbdatabase" );    if(isset($_GET['submit']) && $_GET['submit']){    $sql="select * from test where name='".$_GET['username']."'and password='".$_GET['password']."'";//echo $sql;exit;$result=mysql_query($sql,$DBConnection);$num=mysql_num_rows($result);if($num>=1){echo "hello,".$_GET['username'];}else {echo"404 not found";}}?><form action="login.php" method="GET"><table><tr><td>username</td><td><input type="textbox" name="username"/></td><td>password</td><td><input type="textbox" name="password"></td><td>submit</td><td><input type="submit" name="submit"></td></tr></table></form>
3. Browser Interface display:

 

4. SQL injection:

 

5. Principle-why does the user name display hello if it is incorrect?

I can echo it:

 

$ SQL = "select * from test where name = '". $ _ GET ['username']. "'and password = '". $ _ GET ['Password']. "'";
  1. Echo $ SQL; exit; </SPAN>
$sql="select * from test where name='".$_GET['username']."'and password='".$_GET['password']."'";echo $sql;exit;

 

Display:

Query in my mysql database:

 

You can see that the information can be found, because in SQL statements, the first half of the single quotes are closed, and the last half of the single quotes are commented out, there is a permanent condition "1 = 1" in the middle, which leads to the successful login of any character.

6. Summary:

1) In fact, this SQL injection process is very simple. The difficulty lies in the flexibility of submitting SQL Injection statements. The use of single quotes is critical. In addition, it is worth a try to debug the echo printing function ~~

2) It is dangerous to submit a form in the GET method, so use the POST method!

3) Prevent SQL injection: it can be seen that SQL injection is an illegal character submitted by the user (for example, the single quotation mark 'In this article, the Comment Number of the SQL statement --, And the backslash ), you must use the escape: htmlspecialchars function, and mysql_read_escape_string function.

4) is the JS verification form required in the backend, such as JSP and PHP?

--- Yes. JS can be disabled due to friebug.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.