Full PHP vulnerability solution (5)-SQL injection attacks

Abstract: This article mainly introduces SQL injection attacks against PHP websites. The so-called SQL injection attack means that some programmers do not judge the validity of user input data when writing code, so that the application has security risks. You can submit a piece of database query code to obtain the desired data based on the results returned by the program .... SQL Injection attacks are specially crafted SQL statements submitted by attackers in the form to modify the original SQL statements. if the web program does not check the submitted data, this will cause SQL injection attacks.

General steps for SQL injection attacks:

1. attackers can access websites with SQL injection vulnerabilities to find injection points.

2. attackers construct injection statements, which are combined with the SQL statements in the program to generate new SQL statements.

3. the new SQL statement is submitted to the database for processing.

4. the database executes new SQL statements, triggering SQL injection attacks.

Instance

Database

Create table 'postmessage' ('id' int (11) not null auto_increment, 'subobject' varchar (60) not null default ", 'name' varchar (40) not null default ", 'Email 'varchar (25) not null default", 'Question 'mediumtext not null, 'postdate' datetime not null default '2017-00-00 00:00:00 ′, primary key ('id') ENGINE = MyISAM default charset = gb2312 COMMENT = 'Caller's message 'AUTO_INCREMENT = 69; grant all privileges on ch3. * to 'sectop' @ localhost identified by '000000'; // add. insert a message in php // list. php message list // show. php display message

Page http://www.netsos.com.cn/show.php? Id = 71 there may be injection points. let's test

Http://www.netsos.com.cn/show.php? Id = 71 and 1 = 1

Test again. The vulnerability has been fixed.

The above is the full PHP vulnerability solution (5)-content of SQL injection attacks. For more information, see PHP Chinese website (www.php1.cn )!