
SQL injection and escaped php function code_PHP tutorial

WBOY (original), 2016-07-21 15:06:34

SQL injection:

Under normal circumstances:

 delete.php?id=3
 $sql = 'delete from news where id = '.$_GET['id'];   // becomes: delete from news where id = 3

Malicious situation:

 delete.php?id=3 or 1
 $sql = 'delete from news where id = 3 or 1';   // after this executes, every record in the table is deleted

Appropriate countermeasures must be taken, for example checking that the value is a number before using it.

Assume that data coming from the client is never trustworthy!
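The delete.php from above next to a hardened version, as an added example that is not part of the original article: the id is validated as a positive integer (the check the text recommends) and then bound as a query parameter rather than concatenated. It runs against a constructed in-memory SQLite table so the difference is visible offline; it assumes the pdo_sqlite extension is available.

```php
<?php
// Added example (not from the original article). The article's vulnerable
// delete.php next to a hardened version, exercised against a constructed
// in-memory SQLite table (requires the pdo_sqlite extension).

// Vulnerable, as in the article: the raw id is concatenated into the SQL,
// so ?id=3 or 1 becomes "delete from news where id = 3 or 1".
function delete_news_vulnerable(PDO $pdo, array $get): int
{
    $sql = 'delete from news where id = ' . $get['id'];
    return $pdo->exec($sql);          // number of rows that were deleted
}

// Hardened: the id must be a positive integer (the check the article
// recommends), and it is bound as a parameter instead of concatenated.
function delete_news_safe(PDO $pdo, array $get): int
{
    $id = filter_var($get['id'] ?? '', FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 0;                     // reject the request; nothing is deleted
    }
    $stmt = $pdo->prepare('DELETE FROM news WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed sample table with three rows.
function fresh_table(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)');
    $pdo->exec("INSERT INTO news VALUES (1, 'a'), (2, 'b'), (3, 'c')");
    return $pdo;
}

$malicious = ['id' => '3 or 1'];      // what delete.php?id=3%20or%201 yields in $_GET
printf("vulnerable:   %d rows deleted\n", delete_news_vulnerable(fresh_table(), $malicious));
printf("safe, bad id: %d rows deleted\n", delete_news_safe(fresh_table(), $malicious));
printf("safe, id=3:   %d rows deleted\n", delete_news_safe(fresh_table(), ['id' => '3']));
```

Run with `php`: the vulnerable function deletes all three rows for the malicious id, while the hardened one rejects it and deletes only row 3 when given id=3.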

Escape:

Sometimes the data sent by the client may deliberately contain special characters such as single quotes and backslashes, so it must be escaped into ordinary characters. For this, addslashes(string $str) escapes a single string variable. To escape the elements of an array, loop over it with foreach, as follows:


 foreach ($_POST as $k => $v) {
     if (is_string($v)) {
         $_POST[$k] = addslashes($v);   // escape each string element in place
     }
 }
But if the array itself contains arrays, it must be escaped recursively. For this, use

 array_walk_recursive(array &$input, callable $funcname [, mixed $userdata])

which applies the user-defined function funcname to every element of the array input, recursing into nested arrays. Typically funcname takes two parameters: the element's value as the first and its key as the second. If the optional userdata argument is given, it is passed to funcname as the third argument. Returns TRUE on success, or FALSE on failure.

In other words, the callback must accept at least two parameters, while addslashes() accepts only one, so define a custom function as follows:


 function a(&$v, $k) {
     $v = addslashes($v);   // $v is taken by reference, so the array element itself is escaped
 }
 array_walk_recursive($arr, 'a');   // $arr is passed by reference via the function signature, so no & at the call site




The system escapes automatically:
PHP has a concept called magic quotes. How is it turned on? In php.ini set magic_quotes_gpc=On and restart Apache.

Once magic quotes are on, PHP automatically escapes the $_GET, $_POST and $_COOKIE data. Escaping again by hand without knowing this would double-escape the data. To escape correctly, first check whether magic quotes are enabled with get_magic_quotes_gpc(); it takes no arguments and returns 0 when magic quotes are off and 1 when they are on.


 // get_magic_quotes_gpc() always returns false from PHP 5.4 on (magic quotes were removed)
 // and the function itself no longer exists in PHP 8.0, so this check only applies to older PHP.
 if (!get_magic_quotes_gpc()) {   // if magic quotes are not turned on, escape by hand
     function _addslashes(&$v, $k) {
         $v = addslashes($v);      // by reference: modifies the element inside the array
     }
     array_walk_recursive($_GET, '_addslashes');
     array_walk_recursive($_POST, '_addslashes');
     array_walk_recursive($_COOKIE, '_addslashes');
 }




