A detailed discussion of SQL injection attacks and XSS attacks in PHP_PHP tutorial

For example: SQL injection attack
And CSRF.
}

There are many articles about SQL attacks and various anti-injection scripts, but none of them can solve the fundamental problem of SQL injection See code:

Copy code

The code is as follows:


mysql_connect("localhost","root", "123456")or die("Database connection failed!");
mysql_select_db("test1");

$user=$_post['uid']; $pwd=$_POST['pass ']; if(mysql_query("SELECT * from where admin = `username`='$user' or `password`='$pwd'"){

echo "User succeeded Log in..";

} eles {
echo "Username or password error";
}
?>


A very simple piece of code, the function is It is used to check whether the user name or password is correct, but some malicious attackers submit some sensitive code. The consequences can be imagined. There are two ways to determine the injection of post
1. Enter in the text box of the form. "or'1'=1" or "and 1=1"
The statement when querying the database should be:
SELECT admin from where login = `user`=''or'1'=1' or `pass`='xxxx'
Of course there will be no error, because or means and, or in the SQL statement. Of course, an error will be prompted.
At that time, we have discovered that the SQL statement can be executed. Then you can query all the information of the current table. For example: correct administrator account and password to log in.
Fixing method 1:
Use javascript script to filter special characters (not recommended, the indicator does not solve the problem)
If the attacker disables javascript, he can still perform SQL injection attacks.

Fixing method 2:
Use mysql’s built-in function to filter.


<.>Copy code

The code is as follows:


// Omit operations such as connecting to the database. .
$user=mysql_real_escape_string($_POST['user']);
mysql_query("select * from admin whrer `username`='$user'");
?>

Since we talked about xss attacks earlier, let’s talk about XSS attacks and prevention. . Submit the form:

Copy code

The code is as follows:

> ;

Receive files:

Copy code

The code is as follows:


if(empty($ _POST['sub'])){
echo $_POST['test'];

}

A very simple piece of code, here it just simulates the usage scenario.. Join the attacker to submit <script>alert(document.cookie);</script> The cookie information of the current page should be displayed on the returned page. We can apply it to some message boards (which are not filtered in advance), and then steal the COOKIE information when the administrator reviews the modified information, and send it to the attacker's space or mailbox. . Attackers can use cookie modifiers to perform login intrusions. .

Of course there are many solutions. . Let’s introduce one of the most commonly used methods.

Repair 1: Use javascript to escape
Repair 2: Use PHP built-in functions to escape
The code is as follows:
[code]
if(empty($_POST['sub '])){

$str=$_POST['test'];
htmlentities($srt);
echo $srt;
}
[html]
Okay , that’s about it for the cases and repair methods of SQL injection attacks and XSS attacks.
Of course there are other solutions:
For example: using the php framework
There are other methods. . Of course, XSS has many and wide application scopes and attack methods. This article only filters the php submission method, there are other things that you need to study by yourself ^_^~
This article is published here: Aey uhost team (team.hake.cc), please bring the copyright when reprinting.

y0umer
2012/6/7



http://www.bkjia.com/PHPjc/325589.html

www.bkjia.com

true

http: //www.bkjia.com/PHPjc/325589.html

TechArticle

For example: SQL injection attack XSS attack copy code code is as follows: arbitrary execution code file contains and CSRF. } About SQL attack There are many articles and various anti-injection scripts, but none of them can solve the problem...