SQL injection vulnerability caused by php is_numberic function_javascript skills

1. Introduction to is_numberic function
The is_numberic function is used in some domestic CMS programs. Let’s take a look at the structure of this function first
bool is_numeric (mixed $var)
If Returns TRUE if var is a number or numeric string, otherwise returns FALSE.
2. Is the function safe?
Next let’s look at an example to illustrate whether this function is safe.

Copy code The code is as follows:

$s = is_numeric($_GET['s'])?$ _GET['s']:0;
$sql="insert into test(type)values($s);"; //It is values($s), not values('$s')
mysql_query ($sql);

The above fragment program is to determine whether the parameter s is a number. If it is, it will return a number, if not, it will return 0, and then it will be brought into the database for query. (In this way, the sql statement cannot be constructed)
We convert '1 or 1' into hexadecimal 0x31206f722031 as the value of the s parameter
After the program is run, we query the database, as shown below:

If you query the fields of this table again and bring in another SQL statement without filtering, it will cause two injections.
3. Summary
Try not to use this function, if you want to use this function, it is recommended to use standard SQL statements and add single quotes to the conditions, so that the hexadecimal number 0x31206f722031 will be displayed in the database. There will not be 1 or 1.