Defense Against xss attacks and SQL Injection in php

This article briefly describes how to defend against xss attacks and SQL Injection in php. If you need to know more, refer to.

XSS attacks

The Code is as follows:	Copy code
Arbitrary Code Execution File Inclusion and CSRF. }

There are many articles about SQL attacks and various injection scripts, but none of them can solve the fundamental problem of SQL injection.
See the Code:

The Code is as follows:	Copy code
<? Php Mysql_connect ("localhost", "root", "123456") or die ("database connection failed! "); Mysql_select_db ("test1 "); $ User = $ _ post ['uid']; $ Pwd = $ _ POST ['pass']; If (mysql_query ("SELECT * from where Admin = 'Username' = '$ user' or 'Password' =' $ pwd '"){ Echo "the user has successfully logged on .."; } Eles { Echo "User Name or Password error "; } ?>

A simple piece of code is used to check whether the user name or password is correct. However, some malicious attackers can submit some sensitive code. The consequences can be imagined. There are two methods to determine post injection.
1. Enter "or '1' = 1" or "and 1 = 1" in the form text box"
The statement to query the database should be:
SELECT admin from where login = 'user' = ''or '1' = 1' or 'pass' = 'xxx'
Of course, there will be no errors because or represents and or in SQL statements. Of course, an error will also be prompted.
At that time, we found that all information of the current table can be queried after the SQL statement can be executed. For example, use the correct Administrator account and password for Logon intrusion ..
Solution 1:
Use javascript scripts to filter out special characters (not recommended, and the indicator is not cured)
If javascript is disabled, attackers can still launch SQL injection attacks ..
Solution 2:
Use the built-in functions of mysql for filtering.
See the Code:

The Code is as follows:	Copy code
<? Php // Skip operations such as database connection .. $ User = mysql_real_escape_string ($ _ POST ['user']); Mysql_query ("select * from admin whrer 'username' = '$ user '"); ?>

Since we have mentioned xss attacks, let's talk about XSS attacks and prevention ..
Submit Form:

The Code is as follows:	Copy code
<Form method = "post" action = ""> <Intup tyep = "text" name = "test"> <Intup tyep = "submit" name = "sub" value = "submit"> </Form> Received file:

 

The Code is as follows:	Copy code
If (empty ($ _ POST ['sub']) { Echo $ _ POST ['test']; }

A very simple piece of code. Here we just simulate the use scenario ..
Join the attacker to submit

The Code is as follows:	Copy code
<Script> alert (document. cookie); </script>

The returned page displays the cookie information on the current page.
We can use some message boards (which are not filtered in advance). Then, when the Administrator reviews and modifies the information, the COOKIE information is stolen and sent to the attacker's space or mailbox .. Attackers can use the cookie modifier to perform login intrusion ..
Of course, there are also many solutions .. The following describes the most common method.
Solution 1:Escape using javascript
Solution 2:Escape using php built-in functions
The Code is as follows:

The Code is as follows:	Copy code
[Code] If (empty ($ _ POST ['sub']) { $ Str = $ _ POST ['test']; Htmlentities ($ srt ); Echo $ srt; } [Html]

 
Well, the cases about SQL injection and XSS attacks are similar to the restoration methods.