In programming, programmers should consider not only code efficiency and code reuse, but also some security issues.
In programming, programmers should consider not only code efficiency and code reuse, but also some security issues.
For example, SQL injection attacks
XSS attacks
The Code is as follows:
Arbitrary Code Execution
File Inclusion and CSRF.
}
There are many articles about SQL attacks and various injection scripts, but none of them can solve the fundamental problem of SQL injection.
See the Code:
The Code is as follows:
Mysql_connect ("localhost", "root", "123456") or die ("database connection failed! ");
Mysql_select_db ("test1 ");
$ User = $ _ post ['uid'];
$ Pwd = $ _ POST ['pass'];
If (mysql_query ("SELECT * from where
Admin
= 'Username' = '$ user' or 'Password' =' $ pwd '"){
Echo "the user has successfully logged on ..";
} Eles {
Echo "User Name or Password error ";
}
?>
A simple piece of code is used to check whether the user name or password is correct. However, some malicious attackers can submit some sensitive code. The consequences can be imagined. There are two methods to determine post injection.
1. Enter "or '1' = 1" or "and 1 = 1" in the form text box"
The statement to query the database should be:
SELECT admin from where login = 'user' = ''or '1' = 1' or 'pass' = 'xxx'
Of course, there will be no errors because or represents and or in SQL statements. Of course, an error will also be prompted.
At that time, we found that all information of the current table can be queried after the SQL statement can be executed. For example, use the correct Administrator account and password for Logon intrusion ..
Solution 1:
Use javascript scripts to filter out special characters (not recommended, and the indicator is not cured)
If javascript is disabled, attackers can still launch SQL injection attacks ..
Solution 2:
Use the built-in functions of mysql for filtering.
See the Code:
The Code is as follows:
// Skip operations such as database connection ..
$ User = mysql_real_escape_string ($ _ POST ['user']);
Mysql_query ("select * from admin whrer 'username' = '$ user '");
?>
Since we have mentioned xss attacks, let's talk about XSS attacks and prevention ..
Submit Form:
The Code is as follows:
Received file:
The Code is as follows:
If (empty ($ _ POST ['sub']) {
Echo $ _ POST ['test'];
}
A very simple piece of code. Here we just simulate the use scenario ..
Join the attacker to submit
Script alert (document. cookie); script
The returned page displays the cookie information on the current page.
We can use some message boards (which are not filtered in advance). Then, when the Administrator reviews and modifies the information, the COOKIE information is stolen and sent to the attacker's space or mailbox .. Attackers can use the cookie modifier to perform login intrusion ..
Of course, there are also many solutions .. The following describes the most common method.
Solution 1: escape using javascript
Solution 2: escape using php built-in functions
The Code is as follows:
[Code]
If (empty ($ _ POST ['sub']) {
$ Str = $ _ POST ['test'];
Htmlentities ($ srt );
Echo $ srt;
}
[Html]
Well, the cases about SQL injection and XSS attacks are similar to the restoration methods.
Of course there are other solutions:
Example: Use the php framework
There are other methods .. Of course, XSS has a wide range of application and attack methods. This article only filters php submission methods. You need to study other methods by yourself ~
This article is published here: Aey uhost team (team. hake. cc). For more information, see copyright.
Y0umer
