Backend DevelopmentPHP TutorialComplete explanation of PHP vulnerabilities (5)-SQL injection attack
SQL injection attack (SQL Injection) is when the attacker submits a carefully constructed SQL statement in a form and changes the original SQL statement. If the web program does not check the submitted data, it will cause a SQL injection attack.
General steps of SQL injection attack:
1. The attacker visits a site with SQL injection vulnerability and looks for the injection point
2. The attacker constructs an injection statement, and combines the injection statement with the SQL statement in the program to generate a new SQL statement
3. The new sql statement is submitted to the database for processing
4. The database executes the new SQL statement, causing a SQL injection attack
Instance
Database
CREATE TABLE `postmessage` ( `id` int(11) NOT NULL auto_increment, `subject` varchar(60) NOT NULL default ”, `name` varchar(40) NOT NULL default ”, `email` varchar(25) NOT NULL default ”, `question` mediumtext NOT NULL, `postdate` datetime NOT NULL default ’0000-00-00 00:00:00′, PRIMARY KEY (`id`) ) ENGINE=MyISAM DEFAULT CHARSET=gb2312 COMMENT=’运用者的留言’ AUTO_INCREMENT=69 ; grant all privileges on ch3.* to ‘sectop’@localhost identified by ’123456′; //add.php 插入留言 //list.php 留言列表 //show.php 显示留言
Page http://www. netsos.com.cn/show.php?id=71 There may be an injection point, let’s test it
http://www.netsos.com.cn/show.php?id=71 and 1=1
The record was queried once and not once. Let’s take a look at the source code
//show.php lines 12-15
//Execute the mysql query statement
$query = "select * from postmessage where id = " .$_GET["id"];
$result = mysql_query($query)
or die("Failed to execute ySQL query statement:" . mysql_error());
After the parameter id is passed in, and the preceding characters Put the combined sql statement into the database to execute the query
Submit and 1=1, the statement becomes select * from postmessage where id = 71 and 1=1. The values before and after this statement are all true, and after and is also true, return The queried data
is submitted and 1=2, and the statement becomes select * from postmessage where id = 71 and 1=2. The first value of this statement is true, the last value is false, and the next value is false, and no data can be queried
Normal SQL queries, after passing through the statements we constructed, form SQL injection attacks. Through this injection point, we can further obtain permissions, for example, use union to read the management password, read database information, or use mysql's load_file, into outfile and other functions to further penetrate.
Prevention method
Integer parameters:
Use the intval function to convert data into integers
Function prototype
int intval (mixed var, int base)
var is the variable to be converted into an integer
base, you can Select, it is the basic number, the default is 10
Floating point parameters:
Use floatval or doubleval function to convert single precision and double precision floating point parameters respectively
Function prototype
int floatval (mixed var)
var is Variable to be converted
int doubleval (mixed var)
var is the variable to be converted
Character parameters:
Use the addslashes function to convert single quotes "'" to "'" and double quotes """ into """, backslash "" is converted into "\", NULL character plus backslash ""
Function prototype
string addslashes (string str)
str is the string to be checked
So just now We can fix the code loopholes like this
// Execute mysql query statement
$query = "select * from postmessage where id = ".intval($_GET["id"]);
$result = mysql_query( $query)
or die("Failed to execute ySQL query statement: " . mysql_error());
If it is a character type, first determine whether magic_quotes_gpc can be On, and use addslashes to escape when it is not On. Special characters
if(get_magic_quotes_gpc())
{
$var = $_GET["var"];
}
else
{
$var = addslashes($_GET["var"]) ;
}
Tested again, the vulnerability has been fixed
The above is the content of PHP vulnerability solution (5) - SQL injection attack. For more related content, please pay attention to the PHP Chinese website (www.php.cn )!
PHP Email: Step-by-Step Sending GuideMay 09, 2025 am 12:14 AMPHPisusedforsendingemailsduetoitsintegrationwithservermailservicesandexternalSMTPproviders,automatingnotificationsandmarketingcampaigns.1)SetupyourPHPenvironmentwithawebserverandPHP,ensuringthemailfunctionisenabled.2)UseabasicscriptwithPHP'smailfunct
How to Send Email via PHP: Examples & CodeMay 09, 2025 am 12:13 AMThe best way to send emails is to use the PHPMailer library. 1) Using the mail() function is simple but unreliable, which may cause emails to enter spam or cannot be delivered. 2) PHPMailer provides better control and reliability, and supports HTML mail, attachments and SMTP authentication. 3) Make sure SMTP settings are configured correctly and encryption (such as STARTTLS or SSL/TLS) is used to enhance security. 4) For large amounts of emails, consider using a mail queue system to optimize performance.
Advanced PHP Email: Custom Headers & FeaturesMay 09, 2025 am 12:13 AMCustomheadersandadvancedfeaturesinPHPemailenhancefunctionalityandreliability.1)Customheadersaddmetadatafortrackingandcategorization.2)HTMLemailsallowformattingandinteractivity.3)AttachmentscanbesentusinglibrarieslikePHPMailer.4)SMTPauthenticationimpr
Guide to Sending Emails with PHP & SMTPMay 09, 2025 am 12:06 AMSending mail using PHP and SMTP can be achieved through the PHPMailer library. 1) Install and configure PHPMailer, 2) Set SMTP server details, 3) Define the email content, 4) Send emails and handle errors. Use this method to ensure the reliability and security of emails.
What is the best way to send an email using PHP?May 08, 2025 am 12:21 AMThebestapproachforsendingemailsinPHPisusingthePHPMailerlibraryduetoitsreliability,featurerichness,andeaseofuse.PHPMailersupportsSMTP,providesdetailederrorhandling,allowssendingHTMLandplaintextemails,supportsattachments,andenhancessecurity.Foroptimalu
Best Practices for Dependency Injection in PHPMay 08, 2025 am 12:21 AMThe reason for using Dependency Injection (DI) is that it promotes loose coupling, testability, and maintainability of the code. 1) Use constructor to inject dependencies, 2) Avoid using service locators, 3) Use dependency injection containers to manage dependencies, 4) Improve testability through injecting dependencies, 5) Avoid over-injection dependencies, 6) Consider the impact of DI on performance.
PHP performance tuning tips and tricksMay 08, 2025 am 12:20 AMPHPperformancetuningiscrucialbecauseitenhancesspeedandefficiency,whicharevitalforwebapplications.1)CachingwithAPCureducesdatabaseloadandimprovesresponsetimes.2)Optimizingdatabasequeriesbyselectingnecessarycolumnsandusingindexingspeedsupdataretrieval.
PHP Email Security: Best Practices for Sending EmailsMay 08, 2025 am 12:16 AMThebestpracticesforsendingemailssecurelyinPHPinclude:1)UsingsecureconfigurationswithSMTPandSTARTTLSencryption,2)Validatingandsanitizinginputstopreventinjectionattacks,3)EncryptingsensitivedatawithinemailsusingOpenSSL,4)Properlyhandlingemailheaderstoa
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.
ZendStudio 13.5.1 Mac
Powerful PHP integrated development environment
SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.
PhpStorm Mac version
The latest (2018.2.1) professional PHP integrated development tool
MinGW - Minimalist GNU for Windows
This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.
