PHP PDO操作mysql不注意的话依然存在SQL注入-PHP源码-php.cn

Home

php教程

PHP源码

PHP PDO操作mysql不注意的话依然存在SQL注入

PHP中文网

May 23, 2016 pm 04:38 PM

最近出了一本书叫做《代码审计：企业级web代码安全架构》，专门介绍怎么从代码里挖掘漏洞，漏洞应该怎么防御，功能应该怎么设计会更安全。需要的朋友可以在淘宝、京东等网站搜索。

我们先来看一段代码

4090a74e0a08aa0e0eaf507d52c0f85aexec("set names 'gbk'");
$sql="select * from test where name = ? and password = ?";
$stmt = $dbh->prepare($sql);
$exeres = $stmt->execute(array($name, $pass));

上面这段代码虽然使用了pdo的prepare方式来处理sql查询，但是当PHP版本<5.3.6之前还是存在宽字节SQL注入漏洞，原因在于这样的查询方式是使用了PHP本地模拟prepare，再把完整的SQL语句发送给MySQL服务器，并且有使用set names 'gbk'语句，所以会有PHP和MySQL编码不一致的原因导致SQL注入，正确的写法应该是使用ATTR_EMULATE_PREPARES 来禁用PHP本地模拟prepare，代码如下：

4090a74e0a08aa0e0eaf507d52c0f85asetAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$dbh->exec("set names 'utf8'");
$sql="select * from test where name = ? and password = ?";
$stmt = $dbh->prepare($sql);
$exeres = $stmt->execute(array($name, $pass));

<?php 
dbh = new PDO("mysql:host=localhost; dbname=demo", "user", "pass");
$dbh->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); 
$dbh->exec("set names &#39;utf8&#39;");
$sql="select * from test where name = ? and password = ?";
$stmt = $dbh->prepare($sql);
$exeres = $stmt->execute(array($name, $pass));

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)

2 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Repo: How To Revive Teammates

4 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Hello Kitty Island Adventure: How To Get Giant Seeds

4 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

How Long Does It Take To Beat Split Fiction?

3 weeks agoByDDD

R.E.P.O. Save File Location: Where Is It & How to Protect It?

3 weeks agoByDDD

Hot Tools

DVWA

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software