Home >Backend Development >PHP Tutorial >php injection 1_PHP tutorial

php injection 1_PHP tutorial

WBOY
WBOYOriginal
2016-07-13 11:00:14852browse

This article is mainly for side dishes. If you are already an old bird, some things may feel boring, but as long as you look carefully, you will find a lot of interesting things.
After reading this article, you only need to understand the following things.
1. Understand how the php+mysql environment is built. We include related articles on the construction in the CD. If you are not very clear about building the php+mysql environment, please read this article first. In the topic of the previous issue Also introduced.
2. Have a general understanding of the configuration of php and apache, mainly using php.ini and httpd.conf
In this article, we mainly use the configuration of php.ini. For safety reasons, we generally turn on the safe mode in php.ini, that is, let safe_mode = On, and another one is display_errors that returns PHP execution errors. This will return a lot of useful information, so we should turn it off,
that is, let display_errors=off After turning off error display, PHP function execution error information will no longer be displayed to the user.
There is also a very important configuration option magic_quotes_gpc in the PHP configuration file php.ini. The default configuration in higher versions is magic_quotes_gpc=On. Only in the original antique-level PHP
the default configuration is magic_quotes_gpc= Off, but antiques are also used by people!
What will happen when magic_quotes_gpc=On in php.ini? Don’t panic, the sky won’t fall! It just converts all ' (single quotes), " (double quotes), (backslashes) and null characters in the submitted variables into escape characters containing backslashes, for example, ' becomes ',
This is what makes us unhappy. Many times we have to say BYEBYE to characters.
But don’t be discouraged, we still have good ways to deal with it. Take a look below!
3. Have a certain basic knowledge of php language and understand some sql statements. These are very simple. We use very few things, so it’s not too late to recharge.
Let’s take a look first! What can we do when magic_quotes_gpc=Off, and then we will find a way to deal with the situation when magic_quotes_gpc=On
1: Injection when magic_quotes_gpc=Off
ref="http://hackbase.com/hacker " target=_blank> Although it is very unsafe to attack
magic_quotes_gpc=Off, the new version also has
magic_quotes_gpc=On by default. However, we also found magic_quotes_gpc=Off in many servers, such as www. qichi.*.
There are also some programs like vbb forum, even if you configure magic_quotes_gpc=On, it will automatically eliminate escape characters and give us an opportunity, so there are still many ways to inject
magic_quotes_gpc=Off. market.
Below we will explain mysql+php injection in detail from the aspects of syntax, injection point and injection type.
A: Let’s start with MYSQL syntax.
1. First, let’s talk about some basic syntax of mysql. Children who haven’t studied well are taking extra classes~_~

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/631805.htmlTechArticleThis article is mainly for novices. If you are already an old bird, maybe some things will It feels rather boring, but as long as you look carefully, you will find a lot of interesting things. ...
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn