If the conditions cannot be changed, do not reply to prevent injection.
2 in general
·
1
$ SQL = "select * from user where user_name = $ username and password = $ password ";
$ Res = $ db_obj-> get_one ($ SQL );
If ($ res ){
// Login successful
}
·
·
2
$ SQL = "select * from user where user_name = $ username ";
$ Res = $ db_obj-> get_one ($ SQL );
If ($ res [password] = md5 ($ password )){
// Login successful
}
·
Any of the above two can be bypassed to seek security
How to write user logon when PHP web applications are injected to prevent bypass login through injection
If the conditions cannot be changed, do not reply to prevent injection.
2 in general
·
1
$ SQL = "select * from user where user_name = $ username and password = $ password ";
$ Res = $ db_obj-> get_one ($ SQL );
If ($ res ){
// Login successful
}
·
·
2
$ SQL = "select * from user where user_name = $ username ";
$ Res = $ db_obj-> get_one ($ SQL );
If ($ res [password] = md5 ($ password )){
// Login successful
}
·
Any of the above two can be bypassed to seek security
Since the injection vulnerability already exists, not only logon can be bypassed, but your database is not secure. If you know the structure of your table, it is easy to insert an administrator account. So the key is to prevent injection, instead of what to do after injection.
Simplest
$ SQL = "select * from user where user_name = '". addslashes ($ username )."'";
Isn't the general writing method using orm to read and write databases?
Handwriting SQL is inherently insecure
Use PDO preprocessing statements
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
