Comprehensive prevention of SQL injection attacks in PHP (1)_PHP tutorial

1. Introduction

PHP is a powerful but fairly easy to learn server-side script. language that enables even inexperienced programmers to create complex and dynamic web sites. However, it often has many difficulties in realizing the confidentiality and security of Internet services. In this series of articles, we will introduce readers to the security background necessary for web development as well as the PHP specific knowledge and code- you can use to protect you Security and consistency for your own web applications. First, we briefly review server security issues - showing how you can access private information in a shared hosting environment, keep developers off production servers, maintain up-to-date software, provide encrypted channels, and Control access to your system.

We then discuss common vulnerabilities in PHP script implementations. We'll explain how to protect your scripts from SQL injection, prevent cross-site scripting and remote execution, and prevent "hijacking" of temporary files and sessions.

In the last article, we will implement a secure Web application. You will learn how to authenticate users, authorize and track application usage, avoid data loss, safely execute high-risk system commands, and use web services securely. Whether you have sufficient PHP security development experience or not, this series of articles will provide a wealth of information to help you build more secure online applications.

2. What is SQL injection

If you plan to never use some data, then it makes no sense to store them in a database; because the database is designed to easily access and manipulate the data in the database. However, simply doing so can lead to potential disaster. This is not the case primarily because you yourself might accidentally delete everything in the database; Being "hijacked" by someone - replacing your own data with his own destructive data. We call this substitution "injection " . In fact, every time you ask a user for input to construct a database query, you are allowing that user to participate in constructing a command to access the database server. A friendly user may feel satisfied to achieve such an operation; however, a malicious user will try to find a way to twist the command, causing the twisted command to delete data, or even do something more dangerous. things. As a programmer, your task is to find a way to avoid such malicious attacks.

3. SQL

Injection working principle

Constructing a database query is very straightforward process. Typically, it will be implemented along the following lines. Just to illustrate the problem, we will assume that you have a wine database table "wines", which has a field "

variety" (

i.e. wine type): 1.Provide a form

-

that allows users to submit certain content to be searched. Let's assume that the user chooses to search for wines of type "lagrein". 2.Retrieve the user’s search term and save it

-

by assigning it to a variable as shown below :

$variety = $_POST['variety'];

Therefore, the value of variable $variety is now:

lagrein

lagrein

3.

Then, use this variable to construct a database query in the

$query = "SELECT * FROM wines WHERE variety='$variety'";

WHERE

clause:

$query = "SELECT * FROM wines WHERE variety='$variety'";

SELECT * FROM wines WHERE variety='lagrein'

So, the value of variable $query now looks like this:

SELECT * FROM wines WHERE variety='lagrein'

4.Submit the query to the MySQL server.

5.MySQL returns all records in the wines table - among which, the field variety is "lagrein" .

By now, this should be a familiar and very easy process. Unfortunately, sometimes the processes we are familiar with and comfortable with can easily lead to complacency. Now, let's reanalyze the query we just constructed.

1.The fixed part of this query you create ends with a single quote, which you will use to describe the beginning of the variable value:

$query = " SELECT * FROM wines WHERE variety = '";

$query = " SELECT * FROM wines WHERE variety = '";

2.

$query .= $variety;

Use the original fixed part with the value of the variable submitted by the user:

$query .= $variety;

$ query .= "'";

3.Then, you use another single quote to concatenate this result -Describe the end of the variable value:

SELECT * FROM wines WHERE variety = 'lagrein'

$ query .= "'";

So, the value of $query is as follows:

SELECT * FROM wines WHERE variety = 'lagrein '

The success of this construct relies on user input. In this example, you are using a single word ( or possibly a group of words ) to specify a type of wine. Therefore, the query is constructed without any problems, and the result is what you would expect: - a list of wines with the wine type "lagrein". Now, let's imagine that instead of entering a simple wine type of "lagrein", your user enters the following (Note including the two punctuations Symbols):

table>Now, you continue to construct your query using the previously fixed parts(Here, we only display the resulting value of the $query variable

lagrein' or 1=1;

lagrein' or 1=1;

SELECT * FROM wines WHERE variety = '

)

：

SELECT * FROM wines WHERE variety = '

SELECT * FROM wines WHERE variety = 'lagrein' or 1=1;

You then concatenate it with the value of the variable containing the user input(Here, in bold

)

SELECT * FROM wines WHERE variety = 'lagrein' or 1=1;'

:

SELECT * FROM wines WHERE variety = 'lagrein' or 1=1;

Finally, add the lower quotes above and below:

SELECT * FROM wines WHERE variety = 'lagrein' or 1=1;'

1

http://www.bkjia.com/PHPjc/446822.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/446822.htmlTechArticle1. Introduction PHP is a server-side scripting language that is powerful but fairly easy to learn, even with little experience. Programmers can also use it to create complex dynamic web sites. However...