PHP and SQL injection attack _ PHP Tutorial

PHP and SQL injection attacks. SQL injection attacks are the most common means for hackers to attack websites. If your site does not use strict user input tests, it is often vulnerable to SQL injection attacks. SQL injection attacks are usually the most common means for hackers to attack websites. If your site does not use strict user input tests, it is often vulnerable to SQL injection attacks. SQL injection attacks are usually implemented by submitting bad data or query statements to the site database, which may expose, change, or delete records in the database. Next we will talk about how SQL injection attacks are implemented and how to prevent them.

Let's look at this example:

// Supposed input

$ Name = "ilia '; delete from users ;";

Mysql_query ("SELECT * FROM users WHERE name = '{$ name }'");

Obviously, the command executed by the database is:

SELECT * FROM users WHERE name = ilia; delete from users

This has disastrous consequences for the database-all records have been deleted.

However, if your database is MySQL, you can rest assured that the mysql_query () function does not allow direct execution of such operations (multiple statement operations cannot be performed in a single row. If the database you are using is SQLite or PostgreSQL and supports such a statement, you will face a disaster recovery.

As mentioned above, SQL injection mainly submits insecure data to the database for attack purposes. To prevent SQL injection attacks, PHP comes with a function that can process input strings and perform initial security processing on the input at a lower level, that is, Magic Quotes. (Php. ini magic_quotes_gpc ). If the magic_quotes_gpc option is enabled, the single quotation marks, double quotation marks, and other characters in the input string will be automatically followed by a backslash.

However, Magic Quotes is not a common solution. it does not block all potentially dangerous characters and Magic Quotes is not enabled on many servers. Therefore, we also need to use other methods to prevent SQL injection.

Many databases provide such input data processing functions. For example, a MySQL operation function in PHP contains a function named mysql_real_escape_string (), which can escape special characters and characters that may cause database operation errors.

Read this code:

// If Magic Quotes is enabled

If (get_magic_quotes_gpc ()){

$ Name = stripslashes ($ name );

} Else {

$ Name = mysql_real_escape_string ($ name );

}

Mysql_query ("SELECT * FROM users WHERE name = '{$ name }'");

Note: Before using the functions provided by the database, you need to determine whether Magic Quotes is enabled, as in the previous example. Otherwise, an error occurs when two duplicate operations are performed. If MQ is enabled, we need to remove the added information to obtain real data.

In addition to preprocessing data in the preceding string format, you must also perform preprocessing when storing Binary data to the database. Otherwise, the data may conflict with the storage format of the database, causing database crash, data record loss, or even data loss of the entire database. Some databases, such as PostgreSQL, provide a function pg_escape_bytea () specifically used to encode binary data. it can encode data like Base64.

For example:

// For plain-text data use:

Pg_escape_string ($ regular_strings );

// For binary data use:

Pg_escape_bytea ($ binary_data );

In another case, we also need to adopt this mechanism. That is, the database system itself does not support multi-byte languages such as Chinese and Japanese. Some ASCII ranges overlap with those of binary data.

However, encoding data may result in invalid query statements such as LIKE abc %.

Bytes. If your site does not use strict user input tests, it is often vulnerable to SQL injection attacks. SQL injection attacks are usually carried out through...