Some questions about SQL injection. URL injection.
Source: Internet
Author: User
Some questions about SQL injection... URL injection .... use some SQL injection tools to check your background... it is found that the display can be injected .. I want to learn how to prevent injection. all illegal characters have been filtered out in form detection ..... I don't know how to filter out invalid characters from the URL... I want to figure out the URL injection principle and anti-injection methods ...... some SQL injection problems in the tool... URL injection ....
Use some SQL injection tools to detect your own background... found that the display can be injected... I 'd like to ask how to prevent injection.
All invalid characters have been filtered out in form detection .....
I don't know how to filter out invalid characters from the URL...
I want to figure out the URL injection principle and anti-injection methods ......
Some of the tools do not quite understand
Xxxx.com/adminlogin.php/##/and/##/1#1
Bytes /*
How did I submit a query from the address?
------ Solution --------------------
Theoretically, as long as the incoming data is directly applied to SQL commands without processing, there is a possibility of SQL injection.
How can we evaluate the damage caused by SQL injection?
1. php has taken measures to prevent SQL injection: only one SQL command can be executed at a time. This cut off the way to cause catastrophic harm by restructuring SQL commands. (Add delete and drop)
2. one exception is mysqli_multi_query, which allows multiple commands to be executed at a time. The resulting risks must be borne by the user.
3. Changing the query conditions (Hengcheng Li) does not constitute a threat. at most, intruders have the permissions of the website administrator. this can be solved by inserting an administrator with a special name. Exit the program after checking that the user name is the name.
4. you can see the data that shouldn't have been displayed in this column, but this does not affect the normal browsing of other users.
In short, you don't have to worry about changing things.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.