PHP网络开发详解:SQL注入漏洞
- WBOYOriginal
- 2016-06-08 17:32:171191browse
<script>ec(2);</script>
SQL注入是网络攻击的一种常见手法,攻击者通过对页面中的SQL语句进行拼组来获得管理账号、密码及更多的其他信息。这种攻击SQL注入攻击的一般方法
$id = $_GET[''id'']; //获得参数
$sql = "SELECT * FROM posts WHERE postid = $id"; //定义SQL
mysql_connect("localhost", "root"); //连接服务器
mysql_select_db("guestbook"); //连接数据库
$rs = mysql_query($sql); //执行SQL
if(mysql_numrows($rs)) //如果记录存在,则输出
{
$row_rs = mysql_fetch_assoc($rs);
echo "TOPIC: ".$row_rs[''topic'']."
";
}
else
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:黑客帝国之PHP与ASP.net不得不说的故事Next article:三天学会php(有asp编程基础)