如何使这段PHP SQL代码容易受到sql注入攻击 [英] How do I make this PHP SQL piece of code vulnerable to sql injection

查看:111
本文介绍了如何使这段PHP SQL代码容易受到sql注入攻击的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

嗨我需要让这段代码容易受到sql注入任何帮助,请将它用于我正在进行的项目,我对这两种语言都不太了解。



Hi i need to make this piece of code vulnerable to sql injection any help please,its for a project im working on and i don't know much of either language.

<?php

$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="Faults"; // Database name
$tbl_name="Users"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
//$myusername = ($myusername);
//$mypassword = ($mypassword);
//$myusername = ($myusername);
//$mypassword = ($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
echo "LOGIN SUCCSESS!!";
}
else {
echo "Wrong Username or Password";
}
?>

推荐答案

host = localhost; // 主机名
host="localhost"; // Host name


username = root; // Mysql用户名
username="root"; // Mysql username


password = ; // Mysql密码
password=""; // Mysql password


这篇关于如何使这段PHP SQL代码容易受到sql注入攻击的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
其他开发语言最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆