Use TP framework to imitate SQL attack injection

ImitationsqlInjection

##SEO:

1, if optimized, the title part is very important, the ## used to optimize the keywords of our website

#Search engines will classify your website based on keywords. If the website weight is high, when users search for keywords, they will see your website first

2, Japanese website --- points to the English website, indicating that the Japanese website voted for the English website. If the Japanese website voted for the English website, The more votes you cast, the better the English website is

PreventSQL injection:

1

, create a user login form

select()

will query all records

find()

Only one record will be queried

Write a simple username verification, write

'or 1 or' in the username form. Prompt that the username is correct,

# Thought question: Why did it succeed without verification?

#echo $model->getLastsql();//Print out the sql statement

After querying the executed

sql statement, we found that the cause of sql injection was the single quote

Because:

##1

, through php ##Magic quotes, to escape the data entered by the user The lower version of php is enabled by default, which will automatically Escape the data entered by the user

php.ini in

is enabled and changed to

Magic_quotes_gpc=On

can prevent correct verification

##2

and escape the data submitted by the user

Call the

addslashes()

function of php##$username= addslashes($_POST['username']);Use the addslashes function to process 3

, and use the ## of

thinkphp #System variablesGet external data $this->_server

## thinkphpSystem constants (4)

$this->_post('username', 'addslashes');

4, using arrayastp in the frame wherecondition

##5, directly write the query statement as

$list=$model->where('user_name="'.$username.'" and dept_id="'.$password.'"')-> select();The login will not be successful

Example:

//仿sql注入
public function login(){
 $this->display();
 }
public function verify(){
 //用户名'or 1 or'登录会提示登录成功,是不正确的
 //方法1修改ini.php
 $username=$_POST['username'];
 $password=$_POST['password'];
 //方法2
 /*$username=addslashes($_POST['username']);
 $password=$_POST['password'];
 //方法3
 $this->_post('username','addslashes');
 $password=$_POST['password'];
 //方法4数组
 $cond['user_name']=$username;
 $cond['dept_id']=$password;
 $list=$model->where($cond)->find();*/
 
 $model=M('User');
 //方法5
    // $list=$model->where('user_name="'.$username.'" and dept_id="'.$password.'"')->select();
  $list=$model->where("user_name='$username' and dept_id='$password'")->select();
  echo $model->getLastsql();//打印出sql语句
  if($list){
   echo '登录成功';
   }else{
    echo '登录失败';
    }
   
 }

tpl:

<form action="URL/verify" method="post">
用户名:<input type="text" name="username">
密码：<input type="text" name="password">
<input type="submit" value="提交">
</form>

The above is about how thinkphp prevents SQL injection attacks. There is more than one method. You can try to write it down and practice it.

Related recommendations:

Examples of methods to prevent SQL injection in PHP

The above is the detailed content of Use TP framework to imitate SQL attack injection. For more information, please follow other related articles on the PHP Chinese website!