PHP development and SQL injection attack methods

SQL injection attacks are the most common means for hackers to attack websites. If your site does not use strict user input tests, it is often vulnerable to SQL injection attacks. SQL injection attacks are usually implemented by submitting bad data or query statements to the site database.

SQL injection attacks are the most common means for hackers to attack websites. If your site does not use strict user input tests, it is often vulnerable to SQL injection attacks. SQL injection attacks are usually implemented by submitting bad data or query statements to the site database, which may expose, change, or delete records in the database. Next we will talk about how SQL injection attacks are implemented and how to prevent them.

Let's look at this example:

// Supposedinput

Name = "ilia '; DELETEFROMusers ;";

Mysql_query ("SELECT * FROMusersWHEREname = '{name }'");

Obviously, the command executed by the database is:

SELECT * FROMusersWHEREname = ilia; DELETEFROMusers

This has disastrous consequences for the database-all records have been deleted.

However, if your database is MySQL, you can rest assured that the mysql_query () function does not allow direct execution of such operations (multiple statement operations cannot be performed in a single row. If the database you are using is SQLite or PostgreSQL and supports such a statement, you will face a disaster recovery.

As mentioned above, SQL injection mainly submits insecure data to the database for attack purposes. To prevent SQL injection attacks, PHP comes with a function that can process input strings. it can perform preliminary security processing on the input at a lower level, that is, MagicQuotes. (Php. inimagic_quotes_gpc ). If the magic_quotes_gpc option is enabled, the single quotation marks, double quotation marks, and other characters in the input string will be automatically followed by a backslash \.

However, MagicQuotes is not a common solution. it fails to block all potentially dangerous characters and MagicQuotes is not enabled on many servers. Therefore, we also need to use other methods to prevent SQL injection.

Many databases provide such input data processing functions. For example, a MySQL operation function in PHP contains a function named mysql_real_escape_string (), which can escape special characters and characters that may cause database operation errors.

Read this code:

// If MagicQuotes is enabled

If (get_magic_quotes_gpc ()){

Name = stripslashes (name );

} Else {

Name = mysql_real_escape_string (name );

}

Mysql_query ("SELECT * FROMusersWHEREname = '{name }'");

Note: Before using the functions provided by the database, you must determine whether MagicQuotes is enabled, as in the previous example. Otherwise, an error occurs when two duplicate operations are performed. If MQ is enabled, remove the added \ to obtain real data.

In addition to preprocessing data in the preceding string format, you must also perform preprocessing when storing Binary data to the database. Otherwise, the data may conflict with the storage format of the database, causing database crash, data record loss, or even data loss of the entire database. Some databases, such as PostgreSQL, provide a function pg_escape_bytea () specifically used to encode binary data. it can encode data like Base64.

For example:

// Forplain-textdatause:

Pg_escape_string (regular_strings );

// Forbinarydatause:

Pg_escape_bytea (binary_data );

In another case, we also need to adopt this mechanism. That is, the database system itself does not support multi-byte languages such as Chinese and Japanese. Some ASCII ranges overlap with those of binary data.

However, encoding data may result in invalid query statements such as LIKEabc %.