Web Attack and Defense-SQL injection attacks

Source: Internet
Author: User
Tags php development environment

Web Attack and Defense-SQL injection attacks

The root cause of SQL injection attacks is SQL specification vulnerabilities. However, due to the long-term existence and use of the specification, it is almost impossible to modify the specification, so that the developer can only avoid attacks, although SQL injection is very serious before, it is relatively well controlled now. Here it is just a learning content.
The test procedure is as follows:
1: Build a PHP and mysql development environment. For details, refer to my other blog to customize the PHP development environment.
2: Add databases, tables, and table content.

3: Test
Universal password, universal user name
Digital Injection
The test is as follows:
Password: password 'or 1 = '1(You can enter any password. Note: If you paste the password here, you may need to modify the password)
Universal User name: xx 'Union select * from testuser/* (MySQL test does not solve this problem)
Number injection is the same as user name injection. Only numbers are submitted.

How can we prevent SQL injection?
1. Modify the server configuration: Modify magic_quotes_gpc to on (this setting is not available in php5.3 or later versions)
2: You can use more rigorous verification methods to modify the code layer;
3: Use pdo for pre-compilation.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.