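<?php
// Lab login page (deliberately vulnerable exercise): checks the submitted
// credentials and, on success, records the client's User-Agent and IP.
// This listing is restored from a collapsed, machine-translated paste;
// stray gutter words and case-mangled identifiers have been removed.

// Include the MySQL connection parameters.
include("../sql-connections/sql-connect.php");
// Turns off PHP's own error output. Database errors are still sent to the
// client below, through the explicit print_r(mysql_error()) calls.
error_reporting(0);

/**
 * Prepare a submitted form value for direct interpolation into a SQL string.
 *
 * Non-empty input is truncated, slashes added by magic quotes are stripped,
 * and the value is then either escaped and wrapped in single quotes (when it
 * is not made up of digits only) or cast to an integer.
 *
 * The quotes are part of the return value: the SELECT below interpolates the
 * result without adding quotes of its own.
 *
 * Review note: this depends on the legacy mysql_* extension (removed in
 * PHP 7.0) and on get_magic_quotes_gpc() (removed in PHP 8.0). Escaping by
 * hand only protects the values it is actually applied to; bound parameters
 * (PDO or mysqli prepared statements) cover every value by construction.
 *
 * @param mixed $value Raw request value.
 * @return string|int Escaped, single-quoted SQL string literal, or an integer.
 */
function check_input($value)
{
    if (!empty($value)) {
        // Truncation (see comments).
        // NOTE(review): the length argument is unreadable in this listing;
        // 20 is assumed here - confirm against the lab's source file.
        $value = substr($value, 0, 20);
    }

    // Stripslashes if magic quotes are enabled.
    if (get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }

    // Quote if not a number.
    if (!ctype_digit($value)) {
        $value = "'" . mysql_real_escape_string($value) . "'";
    } else {
        $value = intval($value);
    }

    return $value;
}

// $_SERVER['HTTP_USER_AGENT'] is the User-Agent header of the current request,
// i.e. a value chosen by the client. More on $_SERVER:
// http://www.cnblogs.com/xishaonian/p/6160893.html
// AUDIT: unlike uname and passwd, this value never passes through check_input().
$uagent = $_SERVER['HTTP_USER_AGENT'];
// IP address of the current user.
$IP = $_SERVER['REMOTE_ADDR'];

echo "<br>";
echo 'Your IP address is:' . $IP;
echo "<br>";
//echo 'Your User Agent is: ' . $uagent;

// Take the variables: proceed only if both uname and passwd were submitted.
if (isset($_POST['uname']) && isset($_POST['passwd'])) {
    // Both form fields are filtered with check_input().
    $uname = check_input($_POST['uname']);
    $passwd = check_input($_POST['passwd']);

    // NOTE(review): these debug echoes appear as live statements in this
    // listing; comment markers may have been lost in extraction. As written
    // they reflect the password and the raw User-Agent into the response.
    echo 'Your Your User Name:' . $uname;
    echo "<br>";
    echo 'Your Password:' . $passwd;
    echo "<br>";
    echo 'Your User Agent String:' . $uagent;
    echo "<br>";
    echo 'Your User Agent String:' . $IP;

    // Logging the connection parameters to a file for analysis.
    // The label says "User Agent" but the value written is the username.
    $fp = fopen('Result.txt', 'a');
    fwrite($fp, 'User Agent:' . $uname . "\n");
    fclose($fp);

    // $uname and $passwd arrive already quoted and escaped from check_input().
    // The password is compared as submitted, which implies it is stored
    // unhashed; password_hash()/password_verify() is the usual replacement.
    $sql = "SELECT users.username, users.password FROM users WHERE users.username=$uname and users.password=$passwd ORDER BY users.id DESC LIMIT 0,1";
    $result1 = mysql_query($sql); // run the SELECT
    $row1 = mysql_fetch_array($result1);

    if ($row1) { // a matching row was found
        echo '<font color= "#FFFF00" Font size = 3 >';
        // AUDIT: $uagent and $IP are interpolated between quotes without any
        // escaping. $uagent is a client-supplied header, so this INSERT is the
        // injection point this lesson is about. Fix: bind all three values as
        // parameters of a prepared statement instead of building the string.
        $insert = "INSERT INTO `security`.`uagents` (`uagent`, `ip_address`, `username`) VALUES ('$uagent', '$IP', $uname)";
        mysql_query($insert);
        //echo 'Your IP address is: ' . $IP;
        echo "</font>";
        //echo "<br>";
        echo '<font color= "#0000ff" Font size = 3 >';
        // AUDIT: header value written into HTML unescaped; htmlspecialchars()
        // with ENT_QUOTES is the appropriate output encoding here.
        echo 'Your User Agent is:' . $uagent;
        echo "</font>";
        echo "<br>";
        // AUDIT: raw database error text goes to the client. Log it on the
        // server and return a generic message instead.
        print_r(mysql_error());
        echo "<br><br>";
        echo '';
        echo "<br>";
    } else {
        echo '<font color= "#0000ff" Font size= "3" >';
        //echo "Try again looser";
        // AUDIT: same error disclosure as in the success branch.
        print_r(mysql_error());
        echo "</br>";
        echo "</br>";
        echo '';
        echo "</font>";
    }
}
?>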
Go ahead and write it tomorrow. We're off the grid.
Sqli-labs Clearance Transcript -18-Audit SQL injection 2