Example of SQL injection vulnerability in php

This article describes examples of SQL Injection Vulnerabilities in php.

When developing a website, for security reasons, you need to filter the characters passed from the page. Generally, you can use the following interfaces to call the database content: URL address bar, logon interface, message board, and search box. This often leaves an opportunity for hackers. If it is light, data is leaked, and the server is heavy. 1. SQL injection step a) Find the injection points (such as the logon interface and message board) B) construct your own SQL statements (such as 'or 1 = 1 #, c) Send an SQL statement to the database management system (DBMS) d) DBMS to receive the request, interpret the request as a machine code instruction, and execute necessary access operations e) DBMS accepts and processes the returned results, and returns the results to the user because the user has constructed a special SQL statement, it must return special results (as long as your SQL statement is flexible enough ). Next, I will use an instance to demonstrate the SQL Injection II. Detailed description of the SQL Injection instance (the above test assumes that magic_quote_gpc is not enabled on the server) 1). First, we will demonstrate the SQL injection vulnerability, log on to the background administrator interface and create a data table for the test: the code is as follows: CREATETABLE 'users' ('id' int (11) not null AUTO_INCREMENT, 'username' varchar (64) not null, 'Password' varchar (64) not null, 'email 'varchar (64) not null, PRIMARYKEY ('id'), UNIQUEKEY 'username' ('username ')) ENGINE = MyISAM AUTO_INCREMENT = 3 default charset = latin1; add a record for testing: the code is as follows: INS ERTINTO users (username, password, email) VALUES ('marcofly ', md5 ('test'), 'marcofly @ test.com'); next, paste the source code of the logon interface: the code is as follows: