PHP Web site SQL Injection Vulnerability Solution

PHP Web site SQL Injection Vulnerability


I used the 360 online tool to detect a slight SQL injection vulnerability with 360 hints of open source code to put in, but always install unsuccessful Master masters to help solve the HA SQL injection vulnerability. I don't know how to get started. SQL injection PHP

Share to:

------Solution--------------------
You can look directly at the repair plan.
------Solution--------------------

Fatal error:call to undefined method Nodenav::getcounter () in E:\www\ecms\template_c\[email Protected][email protected] @list_zxft. htm on line 158

First, there should be a problem with Nodenav.
According to the prompt, open the program one by one to modify.
------Solution--------------------
Mainly anti-slash, single-double quotes, data filtering,
------Solution--------------------
Quick solution: Use a host of better quality (such as million nets)! Otherwise, even if you have no problem with the program, your site will be injected!

------Solution--------------------
Reference:

Quick solution: Use a host of better quality (such as million nets)! Otherwise, even if you have no problem with the program, your site will be injected!

Would like to hear the details
------Solution--------------------
Reference:

Quote: Reference:

Quick solution: Use a host of better quality (such as million nets)! Otherwise, even if you have no problem with the program, your site will be injected!

Would like to hear the details

If this is the case with a virtual host, multiple sites use a single host. Even if your site is secure, it is often the case with other sites on your console that are not secure.
------Solution--------------------
Reference:

Quote: Reference:

Quote: References:

Quick solution: Use a host of better quality (such as million nets)! Otherwise, even if you have no problem with the program, your site will be injected!

Would like to hear the details

If this is the case with a virtual host, multiple sites use a single host. Even if your site is secure, it is often the case with other sites on your console that are not secure.

Dude, you're okay, look at this.
The following are the main types of attacks for PHP websites:
1. Order Injection (Command injection)

2. Eval Injection (eval injection)

3. Client-side scripting Attack (script insertion)

4. Cross-site scripting attacks (Scripting, XSS)

5. SQL injection attack (SQL injection)

6. Cross-site request forgery attack (forgeries, CSRF)

7. Session hijacking (Sessions hijacking)

8, session fixed attack (session fixation)

9. HTTP response Split attack (HTTP Response splitting)

10 Files Upload Vulnerability (file Upload Attack)

11. Directory Traversal Vulnerability (directory traversal)

12. Remote file contains attack (inclusion)

13. Dynamic function Injection Attack (Variable Evaluation)

14. URL attack (URL attack)

15. Form submission Spoofing attack (spoofed form submissions)

16. HTTP request Spoofing Attack (spoofed HTTP requests)
------Solution--------------------
References:

Quote: References:

Quote: References:

Quote: References:

Quick solution: Use a host of better quality (such as million nets)! Otherwise, even if you have no problem with the program, your site will be injected!

Would like to hear the details

If this is the case with a virtual host, multiple sites use a single host. Even if your site is secure, it is often the case with other sites on your console that are not secure.

Dude, you're okay, look at this.
The following are the main types of attacks for PHP websites:
1. Order Injection (Command injection)

2. Eval Injection (eval injection)

3. Client-side scripting Attack (script insertion)

4. Cross-site scripting attacks (Scripting, XSS)

5. SQL injection attack (SQL injection)

6. Cross-site request forgery attack (forgeries, CSRF)

7. Session hijacking (Sessions hijacking)

8, session fixed attack (session fixation)

9. HTTP response Split attack (HTTP Response splitting)

10 Files Upload Vulnerability (file Upload Attack)

11. Directory Traversal Vulnerability (directory traversal)

12. Remote file contains attack (inclusion)

13. Dynamic function Injection Attack (Variable Evaluation)

14. URL attack (URL attack)

15. Form submission Spoofing attack (spoofed form submissions)

16. HTTP request Spoofing Attack (spoofed HTTP requests)

This is the PHP block, if the 1th server host is not ready, but also what is the use of these?
------Solution--------------------
Use PDO as much as possible.

