Home >Backend Development >PHP Tutorial >Detailed explanation of preventing XSS attacks and SQL injection in PHP_PHP tutorial
This article briefly describes the detailed explanation of preventing XSS attacks and SQL injection in PHP. Friends who need to know more can refer to it.
XSS attack
The code is as follows | Copy code | ||||
File contains as well as CSRF. |
代码如下 | 复制代码 |
|
See code:
The code is as follows | Copy code |
mysql_connect("localhost","root","123456")or die("Database connection failed!"); mysql_select_db("test1"); $user=$_post['uid']; $pwd=$_POST['pass']; if(mysql_query("SELECT * from where admin = `username`='$user' or `password`='$pwd'"){ echo "User logged in successfully.."; } eles { echo "Username or password error"; } ?> |
代码如下 | 复制代码 |
// 省略连接数据库等操作。。 |
1. Enter "or‘1'=1" or "and 1=1" in the text box of the form
The statement when querying the database should be:
代码如下 | 复制代码 |
接收文件: |
At that time, we had discovered that we could query all the information of the current table after executing the SQL statement. For example: correct administrator account and password for login intrusion. .
代码如下 | 复制代码 |
if(empty($_POST['sub'])){ |
The code is as follows | Copy code |
// Omit operations such as connecting to the database. . <🎜> $user=mysql_real_escape_string($_POST['user']); <🎜> mysql_query("select * from admin whrer `username`='$user'"); <🎜> ?> |
The code is as follows | Copy code |
Receive files: |
The code is as follows | Copy code |
if(empty($_POST['sub'])){ echo $_POST['test']; } |
A very simple piece of code, here it just simulates the usage scenario..
Join attacker submissions
The code is as follows
|
Copy code
|
||||
<script>alert(document.cookie) ;</script> The cookie information of the current page should be displayed on the returned page. We can apply it to some message boards (which are not filtered in advance), and then steal the COOKIE information when the administrator reviews the modified information and send it to the attacker's space or mailbox. . Attackers can use cookie modifiers to perform login intrusions. . Of course there are many solutions. . Let’s introduce one of the most commonly used methods. Fix 1:
|
The code is as follows:
The code is as follows |