SQL injection vulnerabilities are a major security hazard for many PHP programs. They arise when web developers let the end user control variables (for example, displaying information based on a form submission) that are then used to build statements sent to the database, typically the global variables $_GET, $_POST or $_SESSION.
Let's look at the following code:

    <?php
    // Vulnerable example: the id parameter is placed directly into the SQL text
    $query  = "SELECT news_title, news_text ";
    $query .= "FROM news ";
    $query .= "WHERE news_id=" . $_GET['id'];

    mysql_query($query);
    ?>

It would be a serious mistake to assume that $_GET['id'] will always be a numeric value. The end user can change the value of this variable, for example to "0; DELETE FROM news;", and the query statement then becomes:
 
SELECT news_title, news_text FROM news WHERE news_id=0; DELETE FROM news;
 
This will have very serious consequences. 
 
Validating numeric data 
 
Numeric data is the easiest to verify. PHP has a built-in function, is_numeric(), that returns true when its argument is a number or a numeric string. The function is not MySQL-specific, so it can be used to validate numbers in a PHP program on any database platform.
 
Here is the modified code: 
 

    <?php
    if (!is_numeric($_GET['id']))
    {
        // ID is not numeric?
        // Kill the script before the query can run
        die("The ID must be numeric!");
    }

    $query  = "SELECT news_title, news_text ";
    $query .= "FROM news ";
    $query .= "WHERE news_id=" . $_GET['id'];

    mysql_query($query);
    ?>

 
Validating non-numeric data 
 
Validating non-numeric data is slightly more troublesome. PHP has a feature called magic quotes. When it is active, PHP automatically prefixes backslashes (\), double quotes ("), single quotes (') and white-space characters in the $_GET and $_POST global variables with a backslash. The problem is that not every server has this feature turned on, so it is important to check whether it is enabled on the server. You can use the get_magic_quotes_gpc() function to determine whether magic quotes is turned on.
For MySQL query statements you can use the mysql_real_escape_string() function to escape the value safely; the code is as follows:
 

    <?php
    // Fix a $_POST variable called firstName for MySQL
    $firstName = $_POST['firstName'];
    if (get_magic_quotes_gpc())
    {
        // If magic quotes is enabled, turn the string back into an unescaped string
        $firstName = stripslashes($firstName);
    }

    // Now convert the unsafe string into a MySQL-safe string
    $firstName = mysql_real_escape_string($firstName);

    // $firstName should now be safe to insert into a query
    ?>

 
Output to Page 
 
To display quotes and backslashes correctly in the page output, remove the escaping again with the stripslashes() function before printing:
 

    <?php
    $firstName = $_POST['firstName'];
    if (get_magic_quotes_gpc())
    {
        // If magic quotes is enabled, turn the string back into an unescaped string
        $firstName = stripslashes($firstName);
    }

    // Now convert the unsafe string into a MySQL-safe string
    $firstName = mysql_real_escape_string($firstName);

    // Safe query
    mysql_query("INSERT INTO names VALUES ('" . $firstName . "')");

    // Page output should look proper
    echo "Hello " . htmlentities(stripslashes($firstName));
    ?>

 
Final integration 
 
Finally, you can write a simple function that handles the MySQL escaping in one place. Note that if you want to output the value to a web page, you still need to apply stripslashes() to it.
 

    <?php
    function verifyInput($input, $forceInt = false)
    {
        if (is_numeric($input))
        {
            return $input;
        }
        elseif (!$forceInt)
        {
            if (get_magic_quotes_gpc())
            {
                // If magic quotes is enabled, get rid of those
                // pesky slashes
                $input = stripslashes($input);
            }

            // Convert the input variable into a MySQL-safe string
            $input = mysql_real_escape_string($input);

            return $input;
        }
        else
        {
            // If input is not an integer and $forceInt = true,
            // kill the script
            die("Invalid input");
        }
    }

    // $_POST['name'] should be a string
    // $_POST['id'] should be an integer; if not, the script dies
    $id   = $_POST['id'];
    $name = $_POST['name'];

    $query  = "UPDATE users SET name='" . verifyInput($name) . "' ";
    $query .= "WHERE id=" . verifyInput($id, true);

    // $query should be safe to run
    mysql_query($query);
    ?>
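The same update written with mysqli prepared statements, as an added example that is not part of the original article: bound parameters keep user data out of the SQL text, so the magic-quotes and mysql_real_escape_string() juggling above is no longer needed. The connection values and the users(id, name) table are assumptions for illustration.

```php
<?php
// Added example (not from the original article): the final "UPDATE users"
// query rewritten with mysqli prepared statements. The connection values
// and the users(id, name) table are assumed for illustration.
$mysqli = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
if ($mysqli->connect_error) {
    die('Connection failed');
}
// The driver must know the connection charset for binding/escaping to be correct
$mysqli->set_charset('utf8mb4');

// Stricter than is_numeric(): FILTER_VALIDATE_INT rejects "1.5", "1e3" and "0x1A",
// so the id can only ever be a plain integer.
$id = filter_var($_POST['id'] ?? '', FILTER_VALIDATE_INT);
if ($id === false) {
    die('Invalid input');
}
$name = (string) ($_POST['name'] ?? '');

// Placeholders separate the statement from the data; the value of $name is
// sent to the server as a parameter, never spliced into the SQL string.
$stmt = $mysqli->prepare('UPDATE users SET name = ? WHERE id = ?');
if ($stmt === false) {
    die('Prepare failed');
}
$stmt->bind_param('si', $name, $id);   // 's' = string, 'i' = integer
$stmt->execute();
$stmt->close();

// HTML output is a separate concern from SQL: escape for the browser here,
// no stripslashes() needed because the value was never backslash-escaped.
echo 'Hello ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
?>
```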