Blocking SQL injection attacks in PHP (part one)

Source: Internet
Author: User
Tags: php, development environment, php script, sql injection, web services, shared hosting

In this series of articles, we will explore comprehensively how to block SQL injection attacks in the PHP development environment and give a specific development example.

I. Introduction

PHP is a powerful yet fairly easy to learn server-side scripting language that even inexperienced programmers can use to create complex, dynamic Web sites. Keeping the resulting Internet services private and secure, however, is often far from easy. In this series we introduce the security background, the PHP-specific knowledge and the code needed to protect the security and integrity of your own Web applications. We begin with a brief review of server security issues: how to protect private information in a shared hosting environment, keep developers off the production server, keep software up to date, provide encrypted channels, and control access to your system.

We then discuss the pervasive vulnerabilities in PHP script implementations. We will explain how to protect your scripts from SQL injection, prevent cross-site scripting and remote execution, and prevent the "hijacking" of temporary files and sessions.

In the last installment, we will implement a secure Web application. You will learn how to authenticate users, authorize and track application use, avoid data loss, execute high-risk system commands safely, and use Web services securely. Whether or not you already have PHP security development experience, this series of articles provides a wealth of information to help you build a more secure online application.

II. What is SQL injection

If you are never going to use some data, there is no point storing it in a database, because a database exists precisely to make its data easy to access and manipulate. Doing so naively, however, can lead to disaster. The main danger is not that you accidentally delete everything in your database, but that while you carry out an "innocent" task you get "hijacked" by someone who substitutes his own destructive data for yours. We call this substitution "injection".

In fact, whenever you use user input to construct a database query, you are letting the user help build a command that the database server will run. A friendly user will be content with the operation as intended; a malicious user will look for a way to distort the command so that it deletes data or does something even more dangerous. As a programmer, your task is to find a way to prevent such attacks.

III. How SQL injection works

Constructing a database query is a very straightforward process that typically follows the pattern below. To illustrate, assume you have a wine database table "wines" with a field "variety" (the wine type):

1. Provide a form that lets users submit something to search for. Assume the user chooses to search for wines of the variety "Lagrein".

2. Retrieve the user's search term and save it by assigning it to a variable, like this:

$variety = $_POST['variety'];

Therefore, the value of the variable $variety is now:

lagrein

3. Then use the variable to construct the WHERE clause of a database query:

$query = "SELECT * FROM wines WHERE variety='$variety'";

Therefore, the value of the variable $query now looks like this:

SELECT * FROM wines WHERE variety='lagrein'

4. Submit the query to the MySQL server.

5. MySQL returns all records in the wines table whose variety field has the value "Lagrein".

So far, this should be a familiar and very comfortable process. Unfortunately, the processes we are familiar and comfortable with are exactly the ones that breed complacency. Now let's re-examine the query we just built.

1. The fixed portion of the query you create ends with a single quote, which marks the beginning of the variable's value:

$query = "SELECT * FROM wines WHERE variety='";

2. Append the user-submitted value held in the variable to that fixed part:

$query .= $variety;
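The two numbered procedures above describe the same query being assembled by pasting the user's value into the SQL text. The script below is an added example, not code from the original article: it implements that concatenation and, beside it, the same search with a bound parameter, then runs both against an in-memory SQLite database through PDO so it works offline. The table name `wines` and the column `variety` come from the article; the sample rows, the function names and the use of SQLite instead of MySQL are assumptions made for the illustration.

```php
<?php
// Added example (not from the original article). The query-building steps of the
// article implemented twice: by string concatenation and with a bound parameter.
// Runs against an in-memory SQLite database via PDO; table and column names follow
// the article, the sample rows are constructed.

declare(strict_types=1);

function makeSampleDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE wines (id INTEGER PRIMARY KEY, name TEXT, variety TEXT)');
    $stmt = $pdo->prepare('INSERT INTO wines (name, variety) VALUES (?, ?)');
    // Constructed sample rows.
    $rows = [
        ['Alto Adige 2019', 'lagrein'],
        ['Barolo 2017', 'nebbiolo'],
        ['Chianti 2020', 'sangiovese'],
    ];
    foreach ($rows as $row) {
        $stmt->execute($row);
    }
    return $pdo;
}

// The article's construction: fixed text, the user's value, the closing quote.
function buildQueryByConcatenation(string $variety): string
{
    $query = "SELECT * FROM wines WHERE variety='";
    $query .= $variety;
    $query .= "'";
    return $query;
}

function searchUnsafe(PDO $pdo, string $variety): array
{
    return $pdo->query(buildQueryByConcatenation($variety))->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: the SQL text is fixed and the value travels separately as a
// bound parameter, so user input can never change the shape of the statement.
function searchSafe(PDO $pdo, string $variety): array
{
    $stmt = $pdo->prepare('SELECT * FROM wines WHERE variety = :variety');
    $stmt->execute([':variety' => $variety]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = makeSampleDb();

// Friendly input: both approaches return the one lagrein row.
printf("unsafe, friendly input: %d row(s)\n", count(searchUnsafe($pdo, 'lagrein')));
printf("safe,   friendly input: %d row(s)\n", count(searchSafe($pdo, 'lagrein')));

// Input that merely contains a single quote. The concatenated text becomes
//   SELECT * FROM wines WHERE variety='lagrein''
// The quote has closed the literal early, the statement is malformed, and PDO
// throws. The bound parameter simply matches no row: the value stays a value.
$quoted = "lagrein'";
echo "concatenated SQL: ", buildQueryByConcatenation($quoted), "\n";
try {
    searchUnsafe($pdo, $quoted);
} catch (PDOException $e) {
    echo "unsafe, quoted input: query rejected (", $e->getMessage(), ")\n";
}
printf("safe,   quoted input: %d row(s)\n", count(searchSafe($pdo, $quoted)));
```

The point of the comparison is the second run: a single stray quote in the input is enough to change what the database parses when the value is part of the SQL text, whereas with a prepared statement the text the parser sees is the same on every call and the input can only ever be compared, never interpreted.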
