SQL injection:
Under normal circumstances:
delete.php?id=3;
$sql = ' Delete from news where id = '. $_get[' id '];
Malicious situation:
delete.php?id=3 or 1;
$sql = ' Delete from news where id = 3 or 1 '; All records will be deleted when the-------is executed so
Relevant measures should be taken ... For example, before using the first to determine whether the number and so on.
To convince yourself that the information from the client is always unreliable!!
Escape:
Sometimes the data from the client may contain some special characters, such as single quotation marks, slashes, etc., so it needs to be escaped and escaped into normal characters, so it is necessary to use String Addslashes (String $str), which can escape a variable. However, if the elements in the array are escaped, a foreach loop array is used, as follows:
Copy the Code code as follows:
foreach ($_post as $k = = $v) {
if (is_string ($v)) {
$_post[$k] = addslashes ($v);
}
}
But if the array also contains an array, it should be escaped recursively, at this time using the
Array_walk_recursive (Array & $input, callback $funcname [, mixed $userdata])
Applies the user-defined function funcname to each cell in an array of array. This function is recursive to a deeper array. Typically, the funcname accepts two parameters. The value of the input parameter as the first, the key name as the second. If an optional parameter userdata is provided, it is passed as the third parameter to the callback funcname. Returns TRUE on success, or FALSE on failure
That is to say: with a custom function, at least two parameters can be received, and addslashes () can only receive one parameter, so the custom function is as follows:
Copy the Code code as follows:
Function A (& $v, $k) {
$v =addslashes ($v);
}
Array_walk_recursive (& $arr, ' a ');
Automatic system escape:
PHP, there is a concept of magic quotes, how to open? A: in PHP.ini, Magic_quotes_gpc=on; restart Apache
Magic quotation marks are opened, the system will automatically escape the $_get,$_post,$_cookie data, without the knowledge of the case, again manually escaped again, on the turn more, to be reasonable to escape, we must first determine whether the magic symbol has been opened, with Magic_quotes _GPC () to determine, do not need to pass the value, close returns 0, turn off return 1
Copy the Code code as follows:
if (!GET_MAGIC_QUOTES_GPC ()) {//If the magic quote is not open
Function _addslashes (& $v, $k) {
$v = Addslashes ($v);
}
Array_walk_recursive (&$_get, ' _addslashes ');
Array_walk_recursive (&$_post, ' _addslashes ');
Array_walk_recursive (&$_cookie, ' _addslashes ');
}
http://www.bkjia.com/PHPjc/327604.html www.bkjia.com true http://www.bkjia.com/PHPjc/327604.html techarticle SQL injection: Under normal circumstances: delete.php?id=3; $sql = ' Delete from news where id = '. $_get[' id ']; Malicious situation: delete.php?id=3 or 1; $sql = ' Delete from news where id = 3 or 1 '; ---...