SQL injection
Example: vulnerable script logic (the userid parameter is concatenated straight into the query, unquoted, so anything appended to it becomes part of the SQL)
$sql = "SELECT * FROM user WHERE UserID = $_GET[userid]";
Captured time-based blind injection payloads (cleaned up; each one makes the query pause for 5 seconds when the injected condition holds):
Case 1: SELECT * from T WHERE a like '%xxx%' or (IF(Now()=sysdate(), SLEEP(5), 1)) or B like '1=1';
Case 2: select * from T WHERE a > 0 and B in (497 and (SELECT * FROM (SELECT(SLEEP(5)))x));
Case 3: select * from T WHERE A=1 and B in (1234, (SELECT CASE WHEN (5=5) THEN SLEEP(5) ELSE 5*(select 5 from information_schema.character_sets) END));
Monitor the following functions and keywords in queries:
sleep(): time-based blind injection is almost always accompanied by the sleep() function, usually with a delay of at least 5 seconds
mid(), char(), ord(), substring(): used to read data out one character at a time
sysdate(), database(), schema(), user(), version(), current_user(): fingerprinting of the server and the current session
load_file(), INTO OUTFILE / INTO DUMPFILE: reading and writing files on the database host
information_schema, table_name: enumeration of databases, tables and columns
fwrite() / fopen() / file_get_contents(): PHP file manipulation functions, to watch on the application side
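The following is an added example (not code from the original post) of the monitoring described above: a small detector that scans query-log lines for the listed functions and keywords, pulls out the sleep() argument, and rates a line "high" when the delay reaches the 5-second value the text mentions. The sample log lines are constructed for the example (the three captured cases plus two ordinary queries); the indicator list and the threshold are taken from the text, and the use of Python and regular expressions is an assumption about how a practitioner would implement this.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Function names from the list above, matched only when followed by "(" so that
# a table or column called "user" (as in the vulnerable script) does not trigger.
FUNCTION_NAMES = [
    "sleep", "mid", "char", "ord", "sysdate", "substring", "database",
    "schema", "user", "version", "current_user", "load_file",
]
FUNC_RE = re.compile(r"\b(" + "|".join(FUNCTION_NAMES) + r")\s*\(", re.IGNORECASE)

# Non-function indicators from the same list.
KEYWORD_RE = re.compile(
    r"\b(into\s+outfile|into\s+dumpfile|information_schema|table_name)\b", re.IGNORECASE)

# Argument of sleep(); the text treats >= 5 seconds as the usual blind-injection delay.
SLEEP_RE = re.compile(r"\bsleep\s*\(\s*(\d+(?:\.\d+)?)\s*\)", re.IGNORECASE)
SLEEP_THRESHOLD = 5.0


@dataclass
class Finding:
    line_no: int
    functions: list
    keywords: list
    sleep_seconds: Optional[float]
    severity: str  # "high", "medium" or "none"


def analyze_query(line_no: int, sql: str) -> Finding:
    """Classify one logged SQL statement by the indicators it contains."""
    functions = sorted({m.group(1).lower() for m in FUNC_RE.finditer(sql)})
    keywords = sorted({re.sub(r"\s+", " ", m.group(1).lower())
                       for m in KEYWORD_RE.finditer(sql)})
    m = SLEEP_RE.search(sql)
    sleep_seconds = float(m.group(1)) if m else None
    if sleep_seconds is not None and sleep_seconds >= SLEEP_THRESHOLD:
        severity = "high"      # a deliberate multi-second delay: time-based blind injection
    elif functions or keywords:
        severity = "medium"    # fingerprinting / enumeration functions, worth a look
    else:
        severity = "none"
    return Finding(line_no, functions, keywords, sleep_seconds, severity)


def scan_log(lines):
    """Return a Finding for every line that contains at least one indicator."""
    return [f for f in (analyze_query(i, line) for i, line in enumerate(lines, 1))
            if f.severity != "none"]


# Constructed sample log: the three captured cases from the text plus two benign queries.
SAMPLE_LOG = [
    "SELECT * FROM user WHERE UserID = 42",
    "SELECT * from T WHERE a like '%xxx%' or (IF(Now()=sysdate(), SLEEP(5), 1)) or B like '1=1'",
    "select * from T WHERE a > 0 and B in (497 and (SELECT * FROM (SELECT(SLEEP(5)))x))",
    "select * from T WHERE A=1 and B in (1234, (SELECT CASE WHEN (5=5) THEN SLEEP(5) "
    "ELSE 5*(select 5 from information_schema.character_sets) END))",
    "SELECT name, varchar_col FROM products WHERE id = 7",
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.severity:6} functions={f.functions} "
              f"keywords={f.keywords} sleep={f.sleep_seconds}")
```

Requiring the opening parenthesis after each name is what keeps the first and last sample lines quiet: the table `user` and the column `varchar_col` contain watched names as substrings but are not function calls. Lines 2 to 4 are all rated high because each carries SLEEP(5); line 4 additionally trips the information_schema keyword.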
Countermeasures:
1. mysql_real_escape_string(): escapes the special characters in a string before it is used in a MySQL query (PHP 4 >= 4.3.0, PHP 5).
The following characters are affected: \x00 (NUL), \n (newline), \r (carriage return), \ (backslash), ' (single quote), " (double quote) and \x1a (Control-Z).
Caveat: escaping only protects a value that is placed inside a quoted string literal. In the script above, UserID is spliced in unquoted, so a payload such as 1 OR 1=1 contains nothing to escape and passes through unchanged. The mysql_* extension this function belongs to was removed in PHP 7; with mysqli the equivalent is mysqli_real_escape_string(), which uses the connection's character set.
2. addslashes(): returns the string with a backslash added before each predefined character.
The predefined characters are: single quote ('), double quote ("), backslash (\) and NUL.
Caveat: addslashes() knows nothing about the database connection's character set, so it is not a reliable SQL injection defence, and it has the same limitation as above for values used in an unquoted numeric position.
3. Prepared statements (the statement is parsed once with placeholders, and the parameter values are bound separately, so they can never be interpreted as SQL)
<?php
$mysqli = new mysqli("example.com", "user", "password", "database");
if ($mysqli->connect_errno) {
    echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
}

/* Non-prepared statement (no user input involved, so a plain query() is fine) */
if (!$mysqli->query("DROP TABLE IF EXISTS test") || !$mysqli->query("CREATE TABLE test (id INT)")) {
    echo "Table creation failed: (" . $mysqli->errno . ") " . $mysqli->error;
}

/* Prepared statement, stage 1: prepare */
if (!($stmt = $mysqli->prepare("INSERT INTO test (id) VALUES (?)"))) {
    echo "Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error;
}

/* Prepared statement, stage 2: bind and execute ("i" = the placeholder is an integer) */
$id = 1;
if (!$stmt->bind_param("i", $id)) {
    echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
}
if (!$stmt->execute()) {
    echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
}
?>
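The following is an added example, not code from the original post, that puts the three countermeasures side by side on the vulnerable lookup from the start of the page: string concatenation, quote escaping, and a parameterized query. It uses Python's built-in sqlite3 module as a stand-in for MySQL/PHP so that it runs offline (an assumption; the `?` placeholder corresponds to mysqli's `?` and bind_param). The `escape_quotes` helper is a deliberately simple stand-in for an addslashes()-style function, and the user table and its rows are constructed for the example.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: an in-memory table shaped like the page's 'user' table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (UserID INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO user VALUES (?, ?)",
                     [(1, "alice"), (2, "bob"), (3, "carol")])
    return conn


def escape_quotes(value: str) -> str:
    """Stand-in for addslashes()-style escaping (assumption): neutralises the
    characters that could close a string literal. SQLite escapes a quote by
    doubling it, so that convention is used here."""
    return value.replace("'", "''").replace("\x00", "")


def lookup_concat(conn, userid: str):
    # The vulnerable pattern from the page: the parameter is spliced into the SQL text.
    sql = f"SELECT UserID, name FROM user WHERE UserID = {userid}"
    return conn.execute(sql).fetchall()


def lookup_escaped(conn, userid: str):
    # Escaping does not help here: the value sits in an unquoted numeric position,
    # so a payload that contains no quotes passes through untouched.
    sql = f"SELECT UserID, name FROM user WHERE UserID = {escape_quotes(userid)}"
    return conn.execute(sql).fetchall()


def lookup_prepared(conn, userid: str):
    # Parameterized query: the statement text is fixed and the value is bound
    # separately, so the input can never change the structure of the query.
    return conn.execute("SELECT UserID, name FROM user WHERE UserID = ?",
                        (userid,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    payload = "1 OR 1=1"
    print("concat   :", lookup_concat(db, payload))    # every row comes back
    print("escaped  :", lookup_escaped(db, payload))   # escaping changes nothing here
    print("prepared :", lookup_prepared(db, payload))  # no row matches the literal string
    print("prepared, legitimate id:", lookup_prepared(db, "1"))
```

With the payload `1 OR 1=1` the concatenated and the escaped versions both return all three rows, because there is no quote for the escaping function to act on; the parameterized version compares the column against the literal text `1 OR 1=1` and returns nothing. In production code the integer should additionally be validated as an integer before binding, but the point here is that binding alone already removes the injection.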
MySQL anti-SQL injection collection