Copyright notice: https://github.com/wusuopubupt
No idle chatter, straight to the point!
Background reading: 1. http://blog.csdn.net/wusuopubupt/article/details/8752348
2. http://www.cnblogs.com/hkncd/archive/2012/03/31/2426274.html
1. What is SQL injection? See the Wikipedia article.
2. Local test code:
If the form is submitted with valid credentials, print Hello, "username";
otherwise, print "404 Not Found".
login.php:

<?php
require 'config.php';   // defines $dbhost, $dbuser, $dbpwd, $dbdatabase
// legacy mysql_* extension, as used in the original post (removed in PHP 7)
$DBConnection = mysql_connect($dbhost, $dbuser, $dbpwd);
mysql_select_db($dbdatabase);
if (isset($_GET['submit']) && $_GET['submit']) {
    // Deliberately vulnerable: user input is concatenated straight into the SQL string
    $sql = "SELECT * FROM Test WHERE name='" . $_GET['username'] . "' AND password='" . $_GET['password'] . "'";
    //echo $sql; exit;
    $result = mysql_query($sql, $DBConnection);
    $num = mysql_num_rows($result);
    if ($num >= 1) {
        echo "Hello, " . $_GET['username'];
    } else {
        echo "404 Not Found";
    }
}
?>
<form action="login.php" method="GET">
<table>
<tr>
<td>username</td>
<td><input type="text" name="username"/></td>
<td>password</td>
<td><input type="text" name="password"></td>
<td>submit</td>
<td><input type="submit" name="submit"></td>
</tr>
</table>
</form>
3. The form as displayed in the browser:
4. Hands-on: the SQL injection:
5. The principle: why does a wrong username still display Hello?
Let me echo the query:
$sql = "SELECT * FROM Test WHERE name='" . $_GET['username'] . "' AND password='" . $_GET['password'] . "'";
echo $sql; exit;
Output:
Running the query in my MySQL database:
As you can see, the query really does return a row: in the resulting SQL statement, the first half closes the opening single quote, the second half is commented out by "--", and in between sits the always-true condition "1=1", so any input at all produces a successful login.
6. Summary:
1) The SQL injection process itself is actually very simple; the hard part is the flexibility needed when crafting the injected statement, where the use of single quotes is critical. Liberal use of echo for print debugging is also worth trying ~~
2) Submitting the form with GET is dangerous, so use the POST method!
Reference: http://blog.csdn.net/gideal_wang/article/details/4316691
3) Preventing SQL injection: as you can see, SQL injection works because the user submits special characters (such as this article's single quote, the SQL comment marker --, the backslash \, and so on), so we need to escape them: PHP's htmlspecialchars() and mysql_real_escape_string() functions can do this.
4) If JavaScript validates the form on the client side, does the jsp/php backend still need to validate it?
--- Yes, because Firebug can disable JS...
--------------------------------------------------------------------------
Update
The method above can no longer be injected once the password is run through MD5, so tamper with the username instead:
Everything after the username is commented out. haha ~
Reference: http://newaurora.pixnet.net/blog/post/166231341-sql-injection-%E7%AF%84%E4%BE%8B(%e7%99%bb%e5%85%a5%e7%af%84%E4%BE%8B)
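To tie together section 5 (why the quote-plus-comment input logs in), summary point 3) (the fix) and the update (injecting through the username), here is an added example that is not part of the original post: the post's string-built query beside a parameterised version, run against an in-memory SQLite table through PDO so it works offline. The table, the sample user "alice" and the function names are constructed for this demo.

```php
<?php
// Added example, not the original login.php: constructed in-memory table and user.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE Test (name TEXT, password TEXT)");
$db->exec("INSERT INTO Test VALUES ('alice', 's3cret')");

// Same construction as the post's $sql: the input is glued straight into the SQL text.
function vulnerableLogin(PDO $db, string $user, string $pass): int {
    $sql = "SELECT * FROM Test WHERE name='" . $user . "' AND password='" . $pass . "'";
    echo "query: $sql\n";            // the echo-debugging trick from the post
    return count($db->query($sql)->fetchAll());
}

// Hardened form: the SQL text is fixed and the values travel as bound parameters,
// so a quote or "--" inside the input stays data and never becomes syntax.
// (mysql_real_escape_string(), as the post suggests, would escape the quote instead;
// parameter binding avoids the problem entirely.)
function safeLogin(PDO $db, string $user, string $pass): int {
    $stmt = $db->prepare("SELECT * FROM Test WHERE name = ? AND password = ?");
    $stmt->execute([$user, $pass]);
    return count($stmt->fetchAll());
}

// The username input the post describes: the quote closes the literal, 1=1 is
// always true, and "--" comments out the rest of the statement, including the
// password check (which is why MD5-hashing the password does not help here).
$payload = "' OR 1=1 --";

printf("vulnerable, wrong password: %d row(s)\n", vulnerableLogin($db, $payload, 'wrong'));
printf("prepared,   wrong password: %d row(s)\n", safeLogin($db, $payload, 'wrong'));
printf("prepared,   real password:  %d row(s)\n", safeLogin($db, 'alice', 's3cret'));
```

Run with the php CLI (pdo_sqlite is bundled with most PHP builds): the string-built query returns 1 row for the bogus input, while the prepared statement returns 0 rows for it and 1 row only for the real credentials.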
by Wusuopubupt