Getting Started with PHP: SQL Injection

PHP Getting Started Guide: SQL Injection

With the rapid development of the Internet, Web applications are becoming more and more popular, and their security has become a matter of great concern. SQL injection is a common attack method in web applications. It can cause serious security problems and affect the normal operation of web applications. When learning and using PHP, it is very important to understand and master the relevant knowledge of SQL injection.

SQL injection refers to an attack method in which an attacker enters malicious SQL statements into a web application to bypass authentication, access database data, and perform unauthorized operations. SQL injection attacks take advantage of the web application's trust in user-entered data. The attacker forges the data entered by the user and allows the web application to treat them as trusted data.

The following takes a simple login form as an example to introduce the principles and preventive measures of SQL injection.

In PHP, dbms is usually connected through two extensions: mysqli and PDO. This article will take mysqli as an example.

First, we create a login form, and the user enters the username and password:

<!DOCTYPE html>
<html>
<head>
    <title>Login form</title>
</head>
<body>

    <form method="post" action="login.php">
        <label for="username">Username:</label>
        <input type="text" name="username" id="username" required>
        <br>
        <label for="password">Password:</label>
        <input type="password" name="password" id="password" required>
        <br>
        <input type="submit" value="Login">
    </form>

</body>
</html>

Next, we compare the username and password entered by the user with the data in the database, if they match If successful, the login is successful, otherwise the login fails.

<?php
$db_servername = "localhost";
$db_username = "username";
$db_password = "password";
$db_name = "database_name";

// create connection
$conn = mysqli_connect($db_servername, $db_username, $db_password, $db_name);

// check connection
if (!$conn) {
    die("Connection failed: " . mysqli_connect_error());
}

// get user input
$user = $_POST["username"];
$pass = $_POST["password"];

// process user input
$sql = "SELECT * FROM users WHERE username='$user' AND password='$pass'";
$result = mysqli_query($conn, $sql);

// check result
if (mysqli_num_rows($result) > 0) {
    echo "Login success.";
} else {
    echo "Login failed.";
}

// close connection
mysqli_close($conn);
?>

The above code looks great, but it has a serious problem: it is vulnerable to SQL injection attacks.

The attacker can enter the following content in the user name and password input box:

' OR '1'='1

At this time, the generated query statement is:

SELECT * FROM users WHERE username='' OR '1'='1' AND password='' OR '1'='1'

This SQL statement will return Records of all users, so regardless of whether the username and password entered are correct, the login will be successful. This is how SQL injection attacks work.

To avoid SQL injection attacks, you need to be cautious when handling user-entered data. The following are some precautions:

1. Use parameterized queries such as mysqli or PDO, and do not directly splice user-entered data into SQL statements.
2. Perform strict verification and filtering on all input data, such as removing spaces, filtering special characters, etc.
3. Set the security policy of the program, such as restricting the data entered by the user to reduce the risk of SQL injection as much as possible.
4. Configure the security of the database, such as prohibiting administrators from logging in as root users, restricting network access, etc.

In short, when writing web applications, whether using PHP or other languages, you must take the issue of SQL injection attacks seriously. Only by strengthening the understanding and prevention of SQL injection attacks can we better protect the safe operation of web applications.

The above is the detailed content of Getting Started with PHP: SQL Injection. For more information, please follow other related articles on the PHP Chinese website!