PHP: Test SQL injection and prevent SQL injection

When writing login registration found the SQL and JS inject this harm site user behavior:

Test method:

SQL injection:

1 Let's do a test first: 2 # 3 Password: Write more than 8 people 4 Verification code: write correctly

All right, that's it, just go in:

Concept

If the user fills out the form or other data, through some special data form, has made the illegal influence to the SQL behavior, is called SQL injects!

Basic principle

SQL statements that are executed normally:

1 Select *  from where admin_name='zhouyang' and Admin_pass=MD5 ( ' 12345678 ')

SQL statement that was not executed properly:

1 Select *  from where admin_name='or1 #' and admin_pass=md5 ( '123654uiykgjfhdsav')

Split Analysis:

Because # is an annotation in an SQL statement, the above SQL statement really does:

1 Select *  from where admin_name='or1

Obviously, the result of the execution above is that the condition behind the where is always true! is actually equivalent to:

1 Select *  from Bg_admin

In other words, as long as the Bg_admin table has a normal administrative user, you can query to the data!

In fact, there are many "user names" that can be injected into SQL, such as:

' or 1 or '

1 Select *  from where admin_name="or1or" and Admin_ Pass=MD5 ('ewsdfgbnvb')

Special emphasis:

1, not only when the user logged in, the SQL statement can be injected, any other user's data as long as the implementation, it is possible to inject!

2, SQL injection is very harmful, and sometimes you can even delete the entire database on the server:

Like what:

The user name is:' or 1;drop database php2010;#

Attention:

MySQL database default has information_schema, all database names and other information are stored inside, these databases are easy to get to the default database name!

Solution Solutions

1, in business logic prevention, such as requiring the user name can only be composed of certain characters (such as the number of letters underlined) (using regular expressions)

2, using PHP function addslashes(most commonly used)

which

Strip_tags (Trim ($data) is to prevent JS injection!!

1    /* * 2      * Security filtering of User data 3      */ 4     protected function escapedata ($data) {5         returnaddslashes (strip_tags(trim($data))); 6     

3, use the data escape function provided by MySQL:mysql_real_escape_string ($data, $link); But one prerequisite is that you must connect to the database before you can use it!

4, using preprocessing techniques, because preprocessing is forcing the structure and data parts of SQL statements to be separated!

PHP: Test SQL injection and prevent SQL injection