PHP and SQL injection attacks [1] Haohappy
Http://blog.csdn.net/Haohappy2004
SQL injection attacks are the most common means for hackers to attack websites. If your site does not use strict user input tests, it is very vulnerable to SQL injection attacks. SQL injection attacks are usually implemented by submitting bad data or query statements to the site database, which may expose, change, or delete records in the database. Next we will talk about how SQL injection attacks are implemented and how to prevent them.
Let's look at this example:
// Supposed input
$ Name = "ilia '; delete from users ;";
Mysql_query ("SELECT * FROM users WHERE name = '{$ name }'");
Obviously, the command executed by the database is:
SELECT * FROM users WHERE name = ilia; delete from users
This has disastrous consequences for the database-all records have been deleted.
However, if your database is MySQL, you can rest assured that the mysql_query () function does not allow direct execution of such operations (multiple statement operations cannot be performed in a single row. If the database you are using is SQLite or PostgreSQL and supports such a statement, you will face a disaster recovery.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.