Detailed explanation of preventing XSS attacks and SQL injection in PHP_PHP tutorial

This article briefly describes the detailed explanation of preventing XSS attacks and SQL injection in PHP. Friends who need to know more can refer to it.

XSS attack

The code is as follows

Copy code

代码如下	复制代码
任意执行代码 文件包含以及CSRF. }

Arbitrary code execution

File contains as well as CSRF.
}

代码如下	复制代码
mysql_connect("localhost","root","123456")or die("数据库连接失败!"); mysql_select_db("test1"); $user=$_post['uid']; $pwd=$_POST['pass']; if(mysql_query("SELECT * from where admin = `username`='$user' or `password`='$pwd'"){ echo "用户成功登陆.."; } eles { echo "用户名或密码出错"; } ?>

There are many articles about SQL attacks and various anti-injection scripts, but none of them can solve the fundamental problem of SQL injection

See code:

The code is as follows	Copy code
mysql_connect("localhost","root","123456")or die("Database connection failed!"); mysql_select_db("test1"); $user=$_post['uid']; $pwd=$_POST['pass']; if(mysql_query("SELECT * from where admin = `username`='$user' or `password`='$pwd'"){ echo "User logged in successfully.."; } eles { echo "Username or password error"; } ?>

代码如下	复制代码
// 省略连接数据库等操作。。 $user=mysql_real_escape_string($_POST['user']); mysql_query("select * from admin whrer `username`='$user'"); ?>

A very simple piece of code, the function is to detect whether the username or password is correct, but some malicious attackers submit some sensitive code. The consequences can be imagined... There are two ways to determine the injection of post.

1. Enter "or‘1'=1" or "and 1=1" in the text box of the form
The statement when querying the database should be:

SELECT admin from where login = `user`=''or‘1'=1' or `pass`=‘xxxx'

代码如下	复制代码
接收文件：

Of course, there will be no errors, because or represents and or means in the sql statement. Of course, errors will also be prompted.

At that time, we had discovered that we could query all the information of the current table after executing the SQL statement. For example: correct administrator account and password for login intrusion. .

代码如下	复制代码
if(empty($_POST['sub'])){ echo $_POST['test']; }

Repair method 1: Use javascript script to filter special characters (not recommended, indicators do not cure the root cause) If the attacker disables javascript, he can still conduct SQL injection attacks. . Repair method 2: Use mysql’s built-in function to filter. See code:

The code is as follows	Copy code
// Omit operations such as connecting to the database. . <🎜> $user=mysql_real_escape_string($_POST['user']); <🎜> mysql_query("select * from admin whrer `username`='$user'"); <🎜> ?>

Since we talked about xss attacks earlier, let’s talk about XSS attacks and prevention. . Submit form:

The code is as follows	Copy code
Receive files:

The code is as follows	Copy code
if(empty($_POST['sub'])){ echo $_POST['test']; }

A very simple piece of code, here it just simulates the usage scenario..
Join attacker submissions

The code is as follows:

The code is as follows

代码如下	复制代码
<script>alert(document.cookie);</script>

Copy code

<script>alert(document.cookie) ;</script>


The cookie information of the current page should be displayed on the returned page. We can apply it to some message boards (which are not filtered in advance), and then steal the COOKIE information when the administrator reviews the modified information and send it to the attacker's space or mailbox. . Attackers can use cookie modifiers to perform login intrusions. . Of course there are many solutions. . Let’s introduce one of the most commonly used methods.
Fix 1:

代码如下	复制代码
[code] if(empty($_POST['sub'])){ $str=$_POST['test']; htmlentities($srt); echo $srt; } [html]

Use javascript to escape

Fix 2:

Use php built-in functions to escape

The code is as follows

Copy code

[code]

if(empty($_POST['sub'])){ $str=$_POST['test']; htmlentities($srt); echo $srt; } [html] Okay, that’s about it for the cases and repair methods of SQL injection attacks and XSS attacks.

http://www.bkjia.com/PHPjc/629115.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/629115.htmlTechArticleThis article briefly talks about the detailed explanation of preventing xss attacks and sql injection in php. Friends who need to know can For reference. The XSS attack code is as follows. Copy the code and execute the code arbitrarily. File package...