关于SQL注入的一些有关问题.URL注入. -PHP Tutorial-php.cn

Home

Backend Development

PHP Tutorial

关于SQL注入的一些有关问题.URL注入.

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 13, 2016 pm 01:09 PM

phpsqlurl

关于SQL注入的一些问题...URL注入....
用一些SQL注入工具来检测自己的后台...发现显示能注入..想求教一下怎么防注入

在表单的检测里已经过滤掉了所有非法的字符.....

现在不知道怎么从URL里过滤掉非法字符...

想弄清楚URL注入原理和防注入的方法......

工具里的这些有些不太懂

XXXX.com/adminlogin.php/**/and/**/1=1
XXXX.com/adminlogin.php/**/and/**/1=1/**/union/**/select/**/1,2,3,4,5,6,7,8,9/*

到底是怎么从地址里面提交查询的？

------解决方案--------------------
理论上说，只要不加处理的将传入数据直接应用于 SQL 指令中，那么就存在SQL注入的可能性

如何评价 SQL注入造成的损害，那就有些讲究了
1、php 为防范 SQL注入已经采取了措施：一次只能执行一条 SQL 指令。这就断绝了通过重构sql指令来造成灾难性所害的途径。（附加 delete、drop）
2、一个例外是 mysqli_multi_query，他允许一次执行多条指令。由此带来的风险，要由使用者自己来承担的
3、仅仅改变查询条件（恒成立）并不构成威胁，至多是入侵者具备了网站管理员的权限，这个可以通过首先插入一个特殊名称的管理员来解决。只要检查到用户名为该名称时就退出程序
4、或是看到了本不该出现在本栏目的数据，但这并不影响其他用户的正常浏览

总之，大可不必谈虎色变的

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

PHP Performance Tuning for High Traffic WebsitesMay 14, 2025 am 12:13 AM

ThesecrettokeepingaPHP-poweredwebsiterunningsmoothlyunderheavyloadinvolvesseveralkeystrategies:1)ImplementopcodecachingwithOPcachetoreducescriptexecutiontime,2)UsedatabasequerycachingwithRedistolessendatabaseload,3)LeverageCDNslikeCloudflareforservin

Dependency Injection in PHP: Code Examples for BeginnersMay 14, 2025 am 12:08 AM

You should care about DependencyInjection(DI) because it makes your code clearer and easier to maintain. 1) DI makes it more modular by decoupling classes, 2) improves the convenience of testing and code flexibility, 3) Use DI containers to manage complex dependencies, but pay attention to performance impact and circular dependencies, 4) The best practice is to rely on abstract interfaces to achieve loose coupling.

PHP Performance: is it possible to optimize the application?May 14, 2025 am 12:04 AM

Yes,optimizingaPHPapplicationispossibleandessential.1)ImplementcachingusingAPCutoreducedatabaseload.2)Optimizedatabaseswithindexing,efficientqueries,andconnectionpooling.3)Enhancecodewithbuilt-infunctions,avoidingglobalvariables,andusingopcodecaching

PHP Performance Optimization: The Ultimate GuideMay 14, 2025 am 12:02 AM

ThekeystrategiestosignificantlyboostPHPapplicationperformanceare:1)UseopcodecachinglikeOPcachetoreduceexecutiontime,2)Optimizedatabaseinteractionswithpreparedstatementsandproperindexing,3)ConfigurewebserverslikeNginxwithPHP-FPMforbetterperformance,4)

PHP Dependency Injection Container: A Quick StartMay 13, 2025 am 12:11 AM

APHPDependencyInjectionContainerisatoolthatmanagesclassdependencies,enhancingcodemodularity,testability,andmaintainability.Itactsasacentralhubforcreatingandinjectingdependencies,thusreducingtightcouplingandeasingunittesting.

Dependency Injection vs. Service Locator in PHPMay 13, 2025 am 12:10 AM

Select DependencyInjection (DI) for large applications, ServiceLocator is suitable for small projects or prototypes. 1) DI improves the testability and modularity of the code through constructor injection. 2) ServiceLocator obtains services through center registration, which is convenient but may lead to an increase in code coupling.

PHP performance optimization strategies.May 13, 2025 am 12:06 AM

PHPapplicationscanbeoptimizedforspeedandefficiencyby:1)enablingopcacheinphp.ini,2)usingpreparedstatementswithPDOfordatabasequeries,3)replacingloopswitharray_filterandarray_mapfordataprocessing,4)configuringNginxasareverseproxy,5)implementingcachingwi

PHP Email Validation: Ensuring Emails Are Sent CorrectlyMay 13, 2025 am 12:06 AM

PHPemailvalidationinvolvesthreesteps:1)Formatvalidationusingregularexpressionstochecktheemailformat;2)DNSvalidationtoensurethedomainhasavalidMXrecord;3)SMTPvalidation,themostthoroughmethod,whichchecksifthemailboxexistsbyconnectingtotheSMTPserver.Impl

See all articles