1. First understand the principle of SQL injection:
SQL Injection: It is to insert SQL commands into the Web Submit a form or enter a domain name or query string for a page request, ultimately tricking the server into executing malicious SQL commands.
Specifically, it is the ability to use existing applications to inject (malicious) SQL commands into the backend database engine for execution. It can obtain an existence by entering (malicious) SQL statements in a web form. Security holes in the database on the website, rather than executing SQL statements as the designer intended. For example, many previous film and television websites leaked VIP membership passwords, mostly by submitting query characters through WEB forms. Such forms are particularly vulnerable to SQL injection attacks. (Sourced from Baidu)
That is to say, the website page contains parts that interact with the database (such as the search function of a news website), and when data is entered on the website, the data is programmed and passed to the database for execution. During the process, the website developers did not perform security processing on the corresponding data passed into the database (such as filtering special characters, encoding, etc.), allowing hackers to pass malicious code (that is, SQL commands containing illegal SQL statements) through the front end of the website. Enter the database and execute these SQL statements with hacker purposes in the database, causing database information leakage, damage and other consequences.
2. General classification of SQL injection
Classified according to injection point type
(1) Number Type injection point
Many web links have a similar structure http://www.example.com/12.php?id=1 Injections based on this form are generally called digital injection points , the reason is that the injection point id type is a number. In most web pages, such as viewing user personal information, viewing articles, etc., most of them use this form of structure to transfer id and other information, hand it to the backend, and query it out of the database The corresponding information is returned to the front desk. The prototype of this type of SQL statement is probably select * from table name where id=1. If there is injection, we can construct a SQL injection statement similar to the following for blasting: select * from table name where id=1 and 1=1
(2) Character injection point
The web link has a similar structure http://xwww.example.com/users.php?user=admin This form , the user type of its injection point is character type, so it is called character injection point. The prototype of this type of SQL statement is probably select * from table name where user='admin'. It is worth noting that compared with the numeric injection type SQL statement prototype, there are more quotes, which can be single quotes or double quotes. If there is injection, we can construct a SQL injection statement similar to the following for blasting: select * from table name where user='admin' and 1=1 ' We need to get rid of these annoying quotation marks.
(3) Search injection point
This is a special type of injection. This type of injection mainly refers to not filtering the search parameters when performing data searches. Generally, there is "keyword=keyword" in the link address. Some are not displayed in the link address, but are submitted directly through the search box form. The prototype of the SQL statement submitted by this type of injection point is roughly: select * from table name where field like '%keyword%' If there is injection, we can construct a SQL injection statement similar to the following for blasting: select * from table Name where field like '%test%' and '%1%'='%1%'
3. If you can determine whether there is SQL injection (novice summary, for reference only )
To put it simply:
All inputs may trigger SQL injection as long as they interact with the database
SQL injection is based on the data Submission methods can be divided into:
(1) GET injection: The method of submitting data is GET, and the location of the injection point is in the GET parameter part. For example, there is such a link http://xxx.com/news.php?id=1, id is the injection point.
(2) POST injection: Use POST method to submit data. The injection point is in the POST data part, which often occurs in forms.
(3) Cookie injection: HTTP requests will bring the client's Cookie, and the injection point exists in a certain field in the Cookie.
(4) HTTP header injection: The injection point is in a certain field in the HTTP request header. For example, it exists in the User-Agent field. Strictly speaking, Cookie should actually be considered a form of header injection. Because during HTTP requests, Cookie is a field in the header.
After classifying according to the submission method, you will find that the longest locations where SQL injection occurs are in the link address, data parameters, cookie information, and HTTP request headers.
After understanding the locations where SQL injection may exist, we need to determine whether SQL injection can be triggered at these locations. The simplest way is to enter and 1=1 (and the transformed form of and 1=1) at the corresponding location. judge. For different injection point types, single quotes need to be added appropriately for character types, but not for numeric injection points.
4. Advanced classification of SQL injection (classified according to execution effect)
(1) Boolean-based blind injection: That is, the injection of true and false conditions can be judged based on the returned page.
(2) Time-based blind injection: That is, no information can be judged based on the content returned by the page. Use conditional statements to check whether the time delay statement is executed (that is, whether the page return time increases). .
(3) Injection based on error reporting: That is, the page will return error information, or the result of the injected statement will be returned directly to the page.
(4) Union query injection: Injection in the case of union can be used.
(5) Heap query injection: The injection of multiple statements can be executed at the same time.
(6) Wide byte injection: Using gbk is a multi-byte encoding, two bytes represent a Chinese character
This article is for your study only. Never maliciously attack other people's websites.
Recommended tutorial: SQL online video tutorial
The above is the detailed content of Detailed introduction to sql injection. For more information, please follow other related articles on the PHP Chinese website!

In practical applications, SQL is mainly used for data query and analysis, data integration and reporting, data cleaning and preprocessing, advanced usage and optimization, as well as handling complex queries and avoiding common errors. 1) Data query and analysis can be used to find the most sales product; 2) Data integration and reporting generate customer purchase reports through JOIN operations; 3) Data cleaning and preprocessing can delete abnormal age records; 4) Advanced usage and optimization include using window functions and creating indexes; 5) CTE and JOIN can be used to handle complex queries to avoid common errors such as SQL injection.

SQL is a standard language for managing relational databases, while MySQL is a specific database management system. SQL provides a unified syntax and is suitable for a variety of databases; MySQL is lightweight and open source, with stable performance but has bottlenecks in big data processing.

The SQL learning curve is steep, but it can be mastered through practice and understanding the core concepts. 1. Basic operations include SELECT, INSERT, UPDATE, DELETE. 2. Query execution is divided into three steps: analysis, optimization and execution. 3. Basic usage is such as querying employee information, and advanced usage is such as using JOIN connection table. 4. Common errors include not using alias and SQL injection, and parameterized query is required to prevent it. 5. Performance optimization is achieved by selecting necessary columns and maintaining code readability.

SQL commands are divided into five categories in MySQL: DQL, DDL, DML, DCL and TCL, and are used to define, operate and control database data. MySQL processes SQL commands through lexical analysis, syntax analysis, optimization and execution, and uses index and query optimizers to improve performance. Examples of usage include SELECT for data queries and JOIN for multi-table operations. Common errors include syntax, logic, and performance issues, and optimization strategies include using indexes, optimizing queries, and choosing the right storage engine.

Advanced query skills in SQL include subqueries, window functions, CTEs and complex JOINs, which can handle complex data analysis requirements. 1) Subquery is used to find the employees with the highest salary in each department. 2) Window functions and CTE are used to analyze employee salary growth trends. 3) Performance optimization strategies include index optimization, query rewriting and using partition tables.

MySQL is an open source relational database management system that provides standard SQL functions and extensions. 1) MySQL supports standard SQL operations such as CREATE, INSERT, UPDATE, DELETE, and extends the LIMIT clause. 2) It uses storage engines such as InnoDB and MyISAM, which are suitable for different scenarios. 3) Users can efficiently use MySQL through advanced functions such as creating tables, inserting data, and using stored procedures.

SQLmakesdatamanagementaccessibletoallbyprovidingasimpleyetpowerfultoolsetforqueryingandmanagingdatabases.1)Itworkswithrelationaldatabases,allowinguserstospecifywhattheywanttodowiththedata.2)SQL'sstrengthliesinfiltering,sorting,andjoiningdataacrosstab

SQL indexes can significantly improve query performance through clever design. 1. Select the appropriate index type, such as B-tree, hash or full text index. 2. Use composite index to optimize multi-field query. 3. Avoid over-index to reduce data maintenance overhead. 4. Maintain indexes regularly, including rebuilding and removing unnecessary indexes.


Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

AI Hentai Generator
Generate AI Hentai for free.

Hot Article

Hot Tools

Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.

WebStorm Mac version
Useful JavaScript development tools

SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.

MinGW - Minimalist GNU for Windows
This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.

Atom editor mac version download
The most popular open source editor