Home > Article > Backend Development > SQL injection in PHP query login_PHP tutorial
SQL injection in PHP query login_PHP tutorial
- WBOYOriginal
- 2016-07-13 10:27:28818browse
-------------------------------------------------- -------------------------------------------------- ------
For example, the following login code:
if($l = @mysql_connect('localhost', 'root', '123')) or die('Database connection failed');
mysql_select_db('test');
mysql_set_charset('utf8');
$sql = 'select * from test where username = "$username" and password = "$password"';
$res = mysql_query($sql);
if(mysql_num_rows($res)){
header('Location:./home.php');
}else{
die('Incorrect input');
}
----------------------------------@chenwei Black-eyed Poet
Pay attention to the above SQL statement, which has great security risks. If you use the following universal password and universal username, you can easily enter the page:
1. $sql = 'select * from test where username = "***" and password = "***" or 1 = "1"';
Obviously, the universal password for this sql statement is: ***" or 1 = "1
2. $sql = 'select * from test where username ="***" union select * from users/* and password = "***"';
Forward slash * means that the following will not be executed. MySQL supports union query, so all data can be directly queried; so the universal user name for this SQL statement is: ***" union select * from users/*
However, this injection only targets the sql statement in the code, if $sql = "select * from test where username = $username and password = $password";
At least the above injection no longer works, but the method is the same;
After using PDO, sql injection can be completely avoided, and in this era of rapid development and frameworks are rampant, there is no need to think too much about sql injection.
-------------------------------------------------- -------------------------------------------------- ---