PHP的SQL注入 [英] php sql injection
问题描述
这些天,我一直在冲浪,并且了解SQL INJECTION ATTACK.我试图在我的本地计算机上实现,以了解如何做到这一点,以便可以在我的系统中阻止它...
I have been surfing these days and got to know about SQL INJECTION ATTACK. i have tried to implement on my local machine to know how this can be done so that i can prevent it in my system...
我写了这样的代码
PHP代码:
if(count($_POST) > 0){
$con = mysql_connect("localhost","root","") or die(mysql_error());
mysql_select_db('acelera',$con) or die(mysql_error()); //
echo $sql = 'SELECT * FROM acl_user WHERE user_email = "'.$_POST['email'].'" AND user_password = "'.$_POST['pass'].'"';
$res_src = mysql_query($sql);
while($row = mysql_fetch_array($res_src)){
echo "<pre>";print_r($row);echo "</pre>";
}
}
HTML代码:
<html>
<head></head>
<body>
EMAIL : <input type="text" name="email" id="email" /><br />
PASWD : <input type="text" name="pass" id="pass" /><br />
<input type="submit" name="btn_submit" value="submit email pass" />
</body>
</html>
通过此代码
如果我将输入作为" OR ""="给出,则应完成sql注入.
但它不能正常工作.在帖子数据中,如果我在密码字段中输入以上内容,则我会加上斜杠.
by this code if i give input as " OR ""=" then sql injection should get done.
but it is not working properly. in post data i have addition slashes if i give above input in password field.
任何人都可以告诉我如何实际执行SQL INJECTION ATTACK吗?(代码会更容易理解)
can any one show me how actually SQL INJECTION ATTACK can be done?(code will be more appreciable)
推荐答案
您可能已启用了魔术引号.检查 get_magic_quotes_gpc 的返回值.
You probably have magic quotes enabled. Check the return value of get_magic_quotes_gpc.
魔术引号"是PHP的一种古老尝试,可以自动魔术地阻止它们注入SQL,但在当前版本中,已弃用了它,建议您使用
"Magic quotes" is an antique attempt from PHP to auto-magically prevent SQL injection, but in current versions it has been deprecated and you are encouraged to use prepared statements to avoid SQL injection.
请参见此处如何禁用它们,以便您可以尝试使用SQL注入.
See here how to disable them so you can experiment with SQL injection.
这篇关于PHP的SQL注入的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
