When there is injection in a PHP web application, how to write user login to prevent bypassing login through injection?

When there is injection in PHP web application, how to write user login to prevent bypassing login through injection

Assume that the conditions cannot be changed, do not answer to prevent injection

General 2 ways to write
·
1
$sql = "select * from user where user_name=$username and password=$password";
$res = $db_obj->get_one($sql);
if($ res){
//Login successful
}
·
·
2
$sql = "select * from user where user_name=$username";
$res = $db_obj->get_one($sql);
if( $res[password]==md5($password)){
//Login successful
}
·
Both of the above 2 can be bypassed, please write safely

Reply content:

When there is injection in PHP web application, how to write user login to prevent bypassing login through injection

Assume that the conditions cannot be changed, do not answer to prevent injection

General 2 ways to write
·
1
$sql = "select * from user where user_name=$username and password=$password";
$res = $db_obj->get_one($sql);
if($ res){
//Login successful
}
·
·
2
$sql = "select * from user where user_name=$username";
$res = $db_obj->get_one($sql);
if( $res[password]==md5($password)){
//Login successful
}
·
Both of the above 2 can be bypassed, please write safely

Since there is an injection vulnerability, not only the login can be bypassed, but also your database is unsafe. If you know your table structure, inserting an administrator account is also very simple. So the key is to prevent injection, not what to do after injection.

The simplest
$sql = "select * from user where user_name='".addslashes($username)."'";

Isn’t the general way of writing using orm to read and write the database?
Handwritten sql is inherently unsafe

Use PDO prepared statements