Sqli-labs walkthrough: Less-18, auditing the SQL injection (2)

Source: Internet
Author: User
Tags: mysql, connect

```php
<?php
// including the Mysql connect parameters.
include("../sql-connections/sql-connect.php");
error_reporting(0);

function check_input($value)
{
    if (!empty($value)) {
        // truncation (see comments); the sqli-labs source cuts the value to 20 characters
        $value = substr($value, 0, 20);
    }

    // stripslashes if magic quotes enabled
    if (get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }

    // quote if not a number
    if (!ctype_digit($value)) {
        $value = "'" . mysql_real_escape_string($value) . "'";
    } else {
        $value = intval($value);
    }
    return $value;
}

// $_SERVER['HTTP_USER_AGENT'] is the User-Agent of the current request, i.e. the contents of that header.
// More on $_SERVER: http://www.cnblogs.com/xishaonian/p/6160893.html
// Note: $uagent is taken straight from the request header and is never passed through check_input().
$uagent = $_SERVER['HTTP_USER_AGENT'];
$IP = $_SERVER['REMOTE_ADDR'];   // the current user's IP
echo "<br>";
echo 'Your IP ADDRESS is: ' . $IP;
echo "<br>";
//echo 'Your User Agent is: ' . $uagent;
// take the variables
if (isset($_POST['uname']) && isset($_POST['passwd'])) {   // check whether uname and passwd were submitted
    $uname = check_input($_POST['uname']);     // filter the submitted uname with check_input()
    $passwd = check_input($_POST['passwd']);   // filter the submitted passwd with check_input()

    echo 'Your User name:' . $uname;
    echo "<br>";
    echo 'Your Password:' . $passwd;
    echo "<br>";
    echo 'Your User Agent String:' . $uagent;
    echo "<br>";
    echo 'Your User Agent String:' . $IP;

    // logging the connection parameters to a file for analysis.
    $fp = fopen('result.txt', 'a');
    fwrite($fp, 'User Agent:' . $uname . "\n");
    fclose($fp);

    $sql = "SELECT users.username, users.password FROM users WHERE users.username=$uname and users.password=$passwd ORDER BY users.id DESC LIMIT 0,1";
    $result1 = mysql_query($sql);   // execute the SQL statement in $sql; mysql_query() runs a query against MySQL
    $row1 = mysql_fetch_array($result1);
    if ($row1) {   // if $row1 is truthy, i.e. the login succeeded
        echo '<font color="#FFFF00" font size=3>';
        // $uagent and $IP are spliced into the INSERT unescaped: this is the injection point of Less-18
        $insert = "INSERT INTO `security`.`uagents` (`uagent`, `ip_address`, `username`) VALUES ('$uagent', '$IP', $uname)";
        mysql_query($insert);
        //echo 'Your IP ADDRESS is: ' . $IP;
        echo "</font>";
        //echo "<br>";
        echo '<font color="#0000ff" font size=3>';
        echo 'Your User Agent is: ' . $uagent;
        echo "</font>";
        echo "<br>";
        print_r(mysql_error());
        echo "<br><br>";
        echo '';
        echo "<br>";
    } else {
        echo '<font color="#0000ff" font size="3">';
        //echo "Try again looser";
        print_r(mysql_error());
        echo "</br>";
        echo "</br>";
        echo '';
        echo "</font>";
    }
}
?>
```
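The audit point of Less-18 is that `$uname` and `$passwd` go through check_input(), but `$uagent` and `$IP` are concatenated straight into the INSERT, so whatever the client puts in the User-Agent header reaches the SQL parser as syntax. The following is an added example, not part of the sqli-labs source, showing the same two queries rewritten with mysqli prepared statements so that every request value is bound as data. The connection credentials are placeholders; the `security` database with its `users` and `uagents` tables and columns are the ones used in the code above, and `get_result()` assumes the mysqlnd driver.

```php
<?php
// Added example (not sqli-labs code): Less-18's login SELECT and audit INSERT
// with parameter binding instead of string concatenation.
// DB_USER_PLACEHOLDER / DB_PASS_PLACEHOLDER are placeholders, not real credentials.
$mysqli = new mysqli('localhost', 'DB_USER_PLACEHOLDER', 'DB_PASS_PLACEHOLDER', 'security');
if ($mysqli->connect_error) {
    die('Connection failed');
}

// Same inputs as the vulnerable code. None is escaped or quoted by hand:
// the driver sends them separately from the SQL text, so a quote, comment
// sequence or subquery in the User-Agent header is stored as a literal string.
$uagent = $_SERVER['HTTP_USER_AGENT'] ?? '';
$ip     = $_SERVER['REMOTE_ADDR'] ?? '';
$uname  = $_POST['uname'] ?? '';
$passwd = $_POST['passwd'] ?? '';

// Login check: the SELECT from Less-18 with ? placeholders.
$stmt = $mysqli->prepare(
    'SELECT username, password FROM users WHERE username = ? AND password = ? ORDER BY id DESC LIMIT 1'
);
$stmt->bind_param('ss', $uname, $passwd);
$stmt->execute();
$row = $stmt->get_result()->fetch_assoc();   // requires mysqlnd
$stmt->close();

if ($row) {
    // The INSERT that Less-18 builds by concatenating $uagent and $IP.
    // Here all three values are bound, so the header content cannot alter the statement.
    $stmt = $mysqli->prepare(
        'INSERT INTO uagents (uagent, ip_address, username) VALUES (?, ?, ?)'
    );
    $stmt->bind_param('sss', $uagent, $ip, $uname);
    $stmt->execute();
    $stmt->close();

    // The original also echoes the raw User-Agent into the page; encode it for HTML output.
    echo 'Your User Agent is: ' . htmlspecialchars($uagent, ENT_QUOTES, 'UTF-8');
} else {
    echo 'Login failed';
}
$mysqli->close();
```

With binding in place, check_input()'s truncation and mysql_real_escape_string() are no longer what stands between the request and the query; the statement's shape is fixed at prepare time, and the only thing the User-Agent header can influence is the value stored in the `uagent` column. The plaintext password comparison is kept as in the lab and is a separate issue.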

Go ahead and write it tomorrow. We're off the grid.
