PHP and SQL injection attack prevention tips

Source: Internet
Author: User
Tags: sql injection attack
Let's talk about how SQL injection attacks work and how to prevent them.
Consider this example:

<?php
// Suppose the user-supplied name is the attacker-controlled string below; the
// trailing "-- " turns the rest of the line, including the closing quote the
// code adds, into a SQL comment.
$name = "Ilia'; DELETE FROM users; -- ";
mysql_query("SELECT * FROM users WHERE name='{$name}'");


The string actually handed to the database is:
SELECT * FROM users WHERE name='Ilia'; DELETE FROM users; -- '
If the driver executes both statements, the consequences are disastrous: every record in users is deleted.
If you are using MySQL through the old mysql extension (removed in PHP 7.0), you are lucky in one narrow respect: mysql_query() refuses to run more than one statement per call, so this particular stacked query fails. That is no reason to rest easy. A payload such as ' OR '1'='1 needs only a single statement and works just as well against the same code. And drivers that do execute several statements in one call, for example pg_query() on PostgreSQL or the exec-style calls of the SQLite extensions, will carry out the DELETE.
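To see the difference between a stacked-query injection and a single-statement one, here is an added example that is not part of the original article. It uses PDO with an in-memory SQLite database (pdo_sqlite extension) as a stand-in for the MySQL connection and a made-up users table; PDO::exec() on SQLite runs every statement in the string, as pg_query() does, while the prepared statement at the end binds the value instead of splicing it into the SQL text.

```php
<?php
// Added example, not from the original article. Uses PDO with an in-memory
// SQLite database (requires the pdo_sqlite extension) so it runs offline; the
// users table and its rows are made up for the demonstration.

function freshDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
    $pdo->exec("INSERT INTO users (name) VALUES ('Ilia'), ('Alice'), ('Bob')");
    return $pdo;
}

function countUsers(PDO $pdo): int
{
    return (int) $pdo->query('SELECT COUNT(*) FROM users')->fetchColumn();
}

// 1. Stacked-query injection. PDO::exec() hands the whole string to SQLite,
//    which runs every statement in it, just as pg_query() does on PostgreSQL.
$pdo  = freshDb();
$name = "Ilia'; DELETE FROM users; -- ";            // attacker-controlled input
$sql  = "SELECT * FROM users WHERE name = '{$name}'";
echo "Query sent: {$sql}\n";
$pdo->exec($sql);
echo "Rows left after stacked-query injection: " . countUsers($pdo) . "\n";

// 2. Single-statement injection. No second statement is needed, so a driver
//    that refuses multi-statement queries (like the old mysql_query()) does
//    not protect this code at all.
$pdo  = freshDb();
$name = "nobody' OR '1'='1";
$rows = $pdo->query("SELECT name FROM users WHERE name = '{$name}'")
            ->fetchAll(PDO::FETCH_COLUMN);
echo "Rows returned for a name that does not exist: " . count($rows) . "\n";

// 3. Prepared statement with a bound parameter. The value travels separately
//    from the SQL text, so quotes, semicolons and comment markers in it have
//    no syntactic meaning.
$stmt = $pdo->prepare('SELECT name FROM users WHERE name = ?');
foreach (["Ilia'; DELETE FROM users; -- ", "nobody' OR '1'='1"] as $payload) {
    $stmt->execute([$payload]);
    $rows = $stmt->fetchAll(PDO::FETCH_COLUMN);
    echo "Prepared query with payload {$payload} returned " . count($rows) . " rows\n";
}
echo "Rows left after the prepared queries: " . countUsers($pdo) . "\n";
```

Run it with the php CLI. The stacked payload empties the table when exec() is used, the OR payload returns every row even though it is a single statement, and the prepared statement matches nothing for either payload and deletes nothing.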
As shown above, SQL injection works by getting unsafe data into the text of a query. PHP's first attempt at a built-in defence was Magic Quotes (the magic_quotes_gpc setting in php.ini): when enabled, single quotes, double quotes, backslashes and NUL bytes in GET, POST and cookie input were automatically prefixed with a backslash \.
Magic Quotes was never a general solution. It does not neutralise every dangerous character, it was disabled on many servers (so code could not rely on it), and it was deprecated in PHP 5.3 and removed in PHP 5.4. Other means of preventing SQL injection are needed.
Most database extensions provide their own escaping for input data. PHP's MySQL functions, for example, include mysql_real_escape_string(), which escapes the characters that are special inside a MySQL string literal according to the character set of the current connection (mysqli_real_escape_string() is the equivalent in the mysqli extension that replaced it). Escaping is only correct when the escaped value is then placed inside quotes in the query; prepared statements with bound parameters avoid the question entirely and are the preferred approach.
Look at this code:

<?php
// If magic quotes added backslashes to the input, strip them first to recover
// the raw value, then ALWAYS escape for the database. Escaping only in an else
// branch would leave the magic-quotes case unescaped once the slashes are
// removed. mysql_real_escape_string() needs an open connection, because it
// escapes according to the connection's character set.
if (get_magic_quotes_gpc()) {
    $name = stripslashes($name);
}
$name = mysql_real_escape_string($name);
mysql_query("SELECT * FROM users WHERE name='{$name}'");


Note that before escaping with the database function, you must check whether magic quotes is enabled, as in the example above; otherwise the input is escaped twice, and the stored data ends up containing literal backslashes. If magic quotes is on, strip the backslashes it added with stripslashes() to get the real data back, and then escape it exactly once. On PHP 5.4 and later the check is unnecessary, because magic quotes no longer exists and the input arrives unmodified.
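The snippet above uses the mysql extension, which no longer exists in PHP 7. Here is the same lookup rewritten for mysqli, as an added example that is not from the original article. It assumes a MySQL server reachable with the made-up credentials in the code and a users table with a name column; magic quotes no longer exist, so nothing is stripped.

```php
<?php
// Added example, not from the original article: the lookup written against the
// mysqli extension. Assumes a reachable MySQL server, the hypothetical
// credentials below, and a users(name) table.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

$db = new mysqli('127.0.0.1', 'app', 'app-password', 'appdb');   // assumed
// Set the connection charset through the API, not with "SET NAMES": the
// escaping function must know the charset the server will use to parse the
// query, or multi-byte sequences can smuggle a quote past it.
$db->set_charset('utf8mb4');

$name = $_GET['name'] ?? "Ilia'; DELETE FROM users; -- ";        // demo input

// Escaping route: escape exactly once, with the connection's charset, and
// always put the escaped value inside quotes in the SQL text.
$escaped = $db->real_escape_string($name);
$result  = $db->query("SELECT name FROM users WHERE name = '{$escaped}'");
printf("Escaped query matched %d row(s)\n", $result->num_rows);

// Preferred route: a prepared statement. The value never enters the SQL text,
// so there is nothing to escape and the charset question disappears.
$stmt = $db->prepare('SELECT name FROM users WHERE name = ?');
$stmt->bind_param('s', $name);
$stmt->execute();
$stmt->bind_result($found);
$matches = 0;
while ($stmt->fetch()) {
    $matches++;
}
printf("Prepared query matched %d row(s)\n", $matches);
$stmt->close();
$db->close();
```

Both routes return no rows for the demo payload; the difference is that the escaping route depends on the charset being set correctly and on the developer remembering the quotes, while bind_param() has no such preconditions.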
Besides string data, binary data also needs preprocessing before it is stored. Otherwise bytes such as NUL, quotes or backslashes inside the value are interpreted by the query parser: the statement fails, or the data is truncated or written incorrectly. Some databases provide a dedicated function for this. PostgreSQL's pg_escape_bytea() encodes binary data into the escaped text form that the bytea type accepts (byte values written as octal escapes such as \000, not Base64), and pg_unescape_bytea() reverses the encoding when the value is read back.
Such as:

<?php
// For plain-text data use:
$safe_text   = pg_escape_string($regular_string);
// For binary data use:
$safe_binary = pg_escape_bytea($binary_data);


There is another situation in which escaping needs care: when the database or the connection does not correctly handle a multi-byte character set such as those used for Chinese or Japanese text. In some of these encodings the trailing byte of a character falls in the ASCII range, so a naive byte-oriented escape (addslashes(), or escaping under a different charset from the one the server parses the query with) can leave a stray quote that the server reads as the end of the string literal. Set the connection charset through the client API (mysqli_set_charset()) and use the connection-aware escape function, or bind parameters instead.
Escaping also does not cover everything. In a LIKE clause the wildcard characters % and _ pass through mysql_real_escape_string() untouched, so an input such as abc% still changes the meaning of the pattern even though the query stays syntactically valid; they have to be escaped separately, and the query must say which escape character is in use.
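The LIKE wildcard problem in working code, as an added example that is not from the original article. It uses PDO with an in-memory SQLite database and made-up rows, and escapeLike() is a hypothetical helper name; the bound parameter rules out injection, but only the escaped version stops the user's % and _ from acting as wildcards.

```php
<?php
// Added example, not from the original article. A bound parameter stops
// injection, but it does not neutralise the LIKE wildcards % and _; those must
// be escaped separately, and the query must name the escape character.
// Uses an in-memory SQLite database (pdo_sqlite) with made-up rows.

function escapeLike(string $value, string $esc = '\\'): string
{
    // Escape the escape character first, so the backslashes added for % and _
    // are not themselves escaped again.
    return str_replace([$esc, '%', '_'], [$esc . $esc, $esc . '%', $esc . '_'], $value);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (name TEXT NOT NULL)');
$pdo->exec("INSERT INTO users (name) VALUES ('Ilia'), ('Bob'), ('a_b'), ('axb')");

// Prefix search: the caller's term is followed by a real % wildcard.
function prefixSearch(PDO $pdo, string $term, bool $escape): array
{
    if ($escape) {
        // MySQL treats backslash as the LIKE escape character by default;
        // SQLite and standard SQL need an explicit ESCAPE clause.
        $stmt = $pdo->prepare("SELECT name FROM users WHERE name LIKE ? ESCAPE '\\' ORDER BY name");
        $stmt->execute([escapeLike($term) . '%']);
    } else {
        $stmt = $pdo->prepare('SELECT name FROM users WHERE name LIKE ? ORDER BY name');
        $stmt->execute([$term . '%']);
    }
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// '%'  : unescaped matches every row, escaped matches only names starting with a literal %
// 'a_' : unescaped matches a_b and axb, escaped matches only a_b
// 'Il' : both match Ilia, since the term contains no wildcard characters
foreach (['%', 'a_', 'Il'] as $term) {
    printf("term %-4s unescaped: %-20s escaped: %s\n",
        var_export($term, true),
        implode(',', prefixSearch($pdo, $term, false)),
        implode(',', prefixSearch($pdo, $term, true)));
}
```

The same escaping is needed for a mysqli or PDO MySQL connection; the only difference is that MySQL already uses backslash as the LIKE escape character unless the NO_BACKSLASH_ESCAPES SQL mode is set, in which case the ESCAPE clause is required there too.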

The above covers how SQL injection works in PHP and the main ways to prevent it; I hope it is helpful to readers interested in PHP.
