Backend DevelopmentPHP TutorialComplete explanation of PHP vulnerabilities (5)-SQL injection attack
SQL injection attack (SQL Injection) is when the attacker submits a carefully constructed SQL statement in a form and changes the original SQL statement. If the web program does not check the submitted data, it will cause a SQL injection attack.
General steps of SQL injection attack:
1. The attacker visits a site with SQL injection vulnerability and looks for the injection point
2. The attacker constructs an injection statement, and combines the injection statement with the SQL statement in the program to generate a new SQL statement
3. The new sql statement is submitted to the database for processing
4. The database executes the new SQL statement, causing a SQL injection attack
Instance
Database
CREATE TABLE `postmessage` ( `id` int(11) NOT NULL auto_increment, `subject` varchar(60) NOT NULL default ”, `name` varchar(40) NOT NULL default ”, `email` varchar(25) NOT NULL default ”, `question` mediumtext NOT NULL, `postdate` datetime NOT NULL default ’0000-00-00 00:00:00′, PRIMARY KEY (`id`) ) ENGINE=MyISAM DEFAULT CHARSET=gb2312 COMMENT=’运用者的留言’ AUTO_INCREMENT=69 ; grant all privileges on ch3.* to ‘sectop’@localhost identified by ’123456′; //add.php 插入留言 //list.php 留言列表 //show.php 显示留言
Page http://www. netsos.com.cn/show.php?id=71 There may be an injection point, let’s test it
http://www.netsos.com.cn/show.php?id=71 and 1=1
The record was queried once and not once. Let’s take a look at the source code
//show.php lines 12-15
//Execute the mysql query statement
$query = "select * from postmessage where id = " .$_GET["id"];
$result = mysql_query($query)
or die("Failed to execute ySQL query statement:" . mysql_error());
After the parameter id is passed in, and the preceding characters Put the combined sql statement into the database to execute the query
Submit and 1=1, the statement becomes select * from postmessage where id = 71 and 1=1. The values before and after this statement are all true, and after and is also true, return The queried data
is submitted and 1=2, and the statement becomes select * from postmessage where id = 71 and 1=2. The first value of this statement is true, the last value is false, and the next value is false, and no data can be queried
Normal SQL queries, after passing through the statements we constructed, form SQL injection attacks. Through this injection point, we can further obtain permissions, for example, use union to read the management password, read database information, or use mysql's load_file, into outfile and other functions to further penetrate.
Prevention method
Integer parameters:
Use the intval function to convert data into integers
Function prototype
int intval (mixed var, int base)
var is the variable to be converted into an integer
base, you can Select, it is the basic number, the default is 10
Floating point parameters:
Use floatval or doubleval function to convert single precision and double precision floating point parameters respectively
Function prototype
int floatval (mixed var)
var is Variable to be converted
int doubleval (mixed var)
var is the variable to be converted
Character parameters:
Use the addslashes function to convert single quotes "'" to "'" and double quotes """ into """, backslash "" is converted into "\", NULL character plus backslash ""
Function prototype
string addslashes (string str)
str is the string to be checked
So just now We can fix the code loopholes like this
// Execute mysql query statement
$query = "select * from postmessage where id = ".intval($_GET["id"]);
$result = mysql_query( $query)
or die("Failed to execute ySQL query statement: " . mysql_error());
If it is a character type, first determine whether magic_quotes_gpc can be On, and use addslashes to escape when it is not On. Special characters
if(get_magic_quotes_gpc())
{
$var = $_GET["var"];
}
else
{
$var = addslashes($_GET["var"]) ;
}
Tested again, the vulnerability has been fixed
The above is the content of PHP vulnerability solution (5) - SQL injection attack. For more related content, please pay attention to the PHP Chinese website (www.php.cn )!
Working with Flash Session Data in LaravelMar 12, 2025 pm 05:08 PMLaravel simplifies handling temporary session data using its intuitive flash methods. This is perfect for displaying brief messages, alerts, or notifications within your application. Data persists only for the subsequent request by default: $request-
Build a React App With a Laravel Back End: Part 2, ReactMar 04, 2025 am 09:33 AMThis is the second and final part of the series on building a React application with a Laravel back-end. In the first part of the series, we created a RESTful API using Laravel for a basic product-listing application. In this tutorial, we will be dev
cURL in PHP: How to Use the PHP cURL Extension in REST APIsMar 14, 2025 am 11:42 AMThe PHP Client URL (cURL) extension is a powerful tool for developers, enabling seamless interaction with remote servers and REST APIs. By leveraging libcurl, a well-respected multi-protocol file transfer library, PHP cURL facilitates efficient execution of various network protocols, including HTTP, HTTPS, and FTP. This extension offers granular control over HTTP requests, supports multiple concurrent operations, and provides built-in security features.
Simplified HTTP Response Mocking in Laravel TestsMar 12, 2025 pm 05:09 PMLaravel provides concise HTTP response simulation syntax, simplifying HTTP interaction testing. This approach significantly reduces code redundancy while making your test simulation more intuitive. The basic implementation provides a variety of response type shortcuts: use Illuminate\Support\Facades\Http; Http::fake([ 'google.com' => 'Hello World', 'github.com' => ['foo' => 'bar'], 'forge.laravel.com' =>
12 Best PHP Chat Scripts on CodeCanyonMar 13, 2025 pm 12:08 PMDo you want to provide real-time, instant solutions to your customers' most pressing problems? Live chat lets you have real-time conversations with customers and resolve their problems instantly. It allows you to provide faster service to your custom
Notifications in LaravelMar 04, 2025 am 09:22 AMIn this article, we're going to explore the notification system in the Laravel web framework. The notification system in Laravel allows you to send notifications to users over different channels. Today, we'll discuss how you can send notifications ov
Explain the concept of late static binding in PHP.Mar 21, 2025 pm 01:33 PMArticle discusses late static binding (LSB) in PHP, introduced in PHP 5.3, allowing runtime resolution of static method calls for more flexible inheritance.Main issue: LSB vs. traditional polymorphism; LSB's practical applications and potential perfo
PHP Logging: Best Practices for PHP Log AnalysisMar 10, 2025 pm 02:32 PMPHP logging is essential for monitoring and debugging web applications, as well as capturing critical events, errors, and runtime behavior. It provides valuable insights into system performance, helps identify issues, and supports faster troubleshoot
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Zend Studio 13.0.1
Powerful PHP integrated development environment
EditPlus Chinese cracked version
Small size, syntax highlighting, does not support code prompt function
Dreamweaver Mac version
Visual web development tools
Atom editor mac version download
The most popular open source editor
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
