This article briefly describes how to defend against xss attacks and SQL injection in php. if you need to know more, refer to. There are many articles about SQL attacks and various injection scripts, but none of them can solve the fundamental problem of SQL injection.
This article briefly describes how to defend against xss attacks and SQL injection in php. For more information, see the introduction.
The XSS attack instance code is as follows:
- Arbitrary code execution
- File inclusion and CSRF.
- }
There are many articles about SQL attacks and various injection scripts, but none of them can solve the fundamental problem of SQL injection.
The instance code is as follows:
-
- Mysql_connect ("localhost", "root", "123456") or die ("database connection failed! ");
- Mysql_select_db ("test1 ");
- $ User = $ _ post ['uid'];
- $ Pwd = $ _ POST ['pass'];
- If (mysql_query ("SELECT * from where
- Admin
- = 'Username' = '$ user' or 'password' =' $ pwd '"){
- Echo "the user has successfully logged on ..";
- } Eles {
- Echo "user name or password error ";
- }
- ?>
A simple piece of code is used to check whether the user name or password is correct, but some sensitive code is submitted by some malicious attackers. the consequences can be imagined. There are two methods for post to judge injection.
1. enter "or '1' = 1" or "and 1 = 1" in the form text box"
The statement to query the database should be:
SELECT admin from where login = 'user' = ''or '1' = 1' or 'pass' = 'XXX'
Of course, there will be no errors, because or represents and or in SQL statements. of course, an error will also be prompted.
At that time, we found that all information in the current table can be queried after the SQL statement can be executed. for example, the correct administrator account and password are used for logon intrusion ..
Solution 1:
Use javascript scripts to filter out special characters (not recommended, and the indicator is not cured)
If javascript is disabled, attackers can still launch SQL injection attacks ..
Solution 2:
Use the built-in functions of mysql to filter data.
The instance code is as follows:
-
- // Skip database connection and other operations ..
- $ User = mysql_real_escape_string ($ _ POST ['user']);
- Mysql_query ("select * from admin whrer 'username' = '$ user '");
- ?>
Now that we have talked about xss attacks, let's talk about XSS attacks and prevention ..
The example code for submitting a form is as follows:
-
The code for receiving a file is as follows:
- If (emptyempty ($ _ POST ['sub']) {
- Echo $ _ POST ['test'];
- }
A very simple piece of code. here we just simulate the use scenario ..
The code for adding an attacker to submit an instance is as follows:
- Script alert (document. cookie); script
The returned page displays the cookie information on the current page.
We can use some message boards (which are not filtered in advance). Then, when the administrator reviews and modifies the information, the COOKIE information is stolen and sent to the attacker's space or mailbox .. attackers can use the cookie modifier for login intrusion ..
Of course, there are many solutions... the most common method is described below.
Solution 1: escape using javascript
Solution 2: Escape using php built-in functions
The instance code is as follows:
- [Code]
- If (emptyempty ($ _ POST ['sub']) {
- $ Str = $ _ POST ['test'];
- Htmlentities ($ srt );
- Echo $ srt;
- }
- [Html]
Well, the cases about SQL injection and XSS attacks are similar to the restoration methods.