Website problems, there are vulnerabilities, and today I have come here to ask the CSDN brothers to help me solve them. I built a health-care products site, http://www.bjp51.net, and these two days there has been a small problem: a 360 scan rates it high risk, only 49 points. The report is as follows:
The first is a very serious problem. I want to solve the first problem today.
Let's take a look at 360's remarks.
I don't know how to change it. I hope you can help solve it.
Reply to discussion (solution)
This is the source code of the contrast.php file (only the tail of the PHP block survived):

```php
alert('Operation failed! Select at least one item.');
window.opener = null; window.open('', '_self'); window.close();
</script>";
    exit;
}
$tdwidth = floor(90 / $i); // round down; 10% on the left
$sql = "select * from zzcms_main where id in ($id)";
$rs  = mysql_query($sql);
?>
```

The rest of the file is the comparison table; its row headers are:

- Product image (a linked thumbnail: `target="_blank"`, `alt=""`, `border="0"`)
- Product name
- Main functions
- Specification / packaging
- Agent recruitment region
- Product description
- Available support
- Requirements for agents
- Remarks
```php
$id = '';
if (!empty($_POST['id'])) {
    for ($i = 0; $i < count($_POST['id']); $i++) {
        $id = $id . ($_POST['id'][$i] . ',');
    }
    $id = substr($id, 0, strlen($id) - 1); // remove the last ","
}
$sql = "select * from zzcms_main where id in ($id)";
```

It (the scanner) says that you use the submitted data in the SQL statement without checking it.
I use PHP. How can I verify it? How can I check it?
Also, if I don't check it, is it easy to inject?
```php
$id = $id . (intval($_POST['id'][$i]) . ',');
```
The principle of SQL injection is injecting data through the address bar or a form.
If you take `$_GET["a"]` from the address bar and use it directly in the program without filtering, it poses a threat. For example:
If `$_GET["a"] = 1`, then:
`$sql = "SELECT * FROM aa WHERE id = {$_GET['a']}";` that is, `$sql = "SELECT * FROM aa WHERE id = 1";`
However, if someone modifies the value of `$_GET["a"]` to `1 or (and) xxx`, the query statement becomes
`$sql = "SELECT * FROM aa WHERE id = 1 or (and) xxx";`
That is how it gets injected.
Therefore, the parameters from the address bar and the form must be formatted and filtered to constrain their type, length, and allowed characters.
```php
$sql = "select * from zzcms_main where id in ($id)";
```

`$id` here should be a number, but it is used as is, and that is where it was injected.
Because id can only be a number, you can use intval() to convert it to an integer; anything that is not a number becomes 0, and the injection fails.
Security level: High risk
The security level beat 46% of websites nationwide!
```php
$id = $id . (intval($_POST['id'][$i]) . ',');
```
Replace single quotes in the input data with two consecutive single quotes, and wrap the input parameter in single quotes in the SQL statement.

```php
$id  = str_replace("'", "''", $_POST['id']);
$sql = "select * from tb_user where id = '$id'";
```

This way we are not afraid of injection.
Thank you. Replace `$id = $id . ($_POST['id'][$i] . ',');` with `$id = $id . (intval($_POST['id'][$i]) . ',');`
That's right.
The above is not correct. I changed it to this.
```php
if (!empty($_POST['id'])) {
    for ($i = 0; $i < count($_POST['id']); $i++) {
        // $id = $id . ($_POST['id'][$i] . ',');
        $id = $id . (intval($_POST['id'][$i]) . ',');
    }
    $id = substr($id, 0, strlen($id) - 1); // remove the last ","
}
```

Is that right?
```php
if (!empty($_POST['id'])) {
    $id = join(',', array_map('intval', $_POST['id']));
}
```

You'd better change `$id` to another name.
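The following is an added example, not code from this thread or from zzcms, that puts the injection explanation above and the intval/array_map fix side by side: it builds the `id in (...)` clause from a constructed POST array the way the original contrast.php did, and then with every element forced to an integer. The function names and the sample input are assumptions; it also covers the cases the one-liner above leaves open (a value that casts to 0, and an empty list, which would yield the invalid `id in ()`).

```php
<?php
// Added example (not from the thread or zzcms). Function and variable names
// are assumptions; no database connection is needed, the functions only
// return the SQL string that would have been sent.

// Vulnerable: the original loop, concatenating raw POST values into the query.
function build_in_clause_vulnerable(array $ids): string
{
    $id = '';
    for ($i = 0; $i < count($ids); $i++) {
        $id = $id . ($ids[$i] . ',');
    }
    $id = substr($id, 0, strlen($id) - 1); // remove the last ","
    return "select * from zzcms_main where id in ($id)";
}

// Hardened: intval() forces each element to an integer, so text that is not a
// number becomes 0. Zeros and duplicates are dropped, and an empty result
// returns null because "id in ()" is a SQL syntax error, not a safe query.
function build_in_clause_safe(array $ids): ?string
{
    $ints = array_map('intval', $ids);
    $ints = array_values(array_unique(array_filter($ints, fn($n) => $n > 0)));
    if ($ints === []) {
        return null; // caller shows "Select at least one item." and exits
    }
    return 'select * from zzcms_main where id in (' . join(',', $ints) . ')';
}

// Constructed POST input: two real ids, one tampered value of the kind the
// explanation above describes ("1 or xxx"), and one non-numeric value.
$post = ['id' => ['12', '15', '1 or xxx', 'abc']];

// The tampered text lands in the statement unchanged.
echo build_in_clause_vulnerable($post['id']), "\n";

// Only integers survive; the text after the leading digit is discarded.
echo build_in_clause_safe($post['id']), "\n";

// Nothing numeric submitted: null instead of an invalid "id in ()" query.
var_dump(build_in_clause_safe(['abc', '']));
```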
I am not familiar with PHP, so I will use this code as is without renaming the variable.
Thank you for your selfless spirit.
I found out that you are also solving another problem for me. Thank you again!