此查询对SQL注入安全吗? [英] Is this query safe from sql injection?
问题描述
脚本在PHP中,作为数据库,我使用MySQL.这是脚本本身.
The script is in PHP and as DB I use MySQL. Here is the script itself.
$unsafe_variable = $_GET["user-input"];
$sql=sprintf("INSERT INTO table (column) VALUES('%s')",$unsafe_variable);
mysql_query($sql);
有人说,如果用户为变量$ unsafe_variable分配;DROP TABLE blah;
字符串,它将删除该表.
Some people say that if user assigns ;DROP TABLE blah;
string to the variable $unsafe_variable it deletes the table.
但是我尝试了这个例子,
But I tried this example,
http://localhost/test.php?user-input=DROP%20TABLE%20my_table
但是它并没有删除表,而是在表中插入了新行(;DROP TABLE blah;)
.
But it didn't delete the table but instead inserted a new row (;DROP TABLE blah;)
in the table.
有人可以向我解释一下如何通过sql注入攻击该脚本吗?
Could anybody explain me how it is possible to attack this script with sql injections?
推荐答案
由于PHP的mysql_query
函数每次调用只允许一个查询,因此这种特殊的注入将不起作用.但是,如果column
具有主键或唯一键,则以下操作可能会起作用:
That particular injection wouldn't work since PHP's mysql_query
function only allows one query per call. However, the following may work if column
has a primary or unique key:
$unsafe_variable = "admin') ON DUPLICATE KEY UPDATE password=MD5(CONCAT('knownsalt', 'newpassword'))#";
最好使用冗长的mysql_real_escape_string
函数:
$sql=sprintf("INSERT INTO table (column) VALUES(%s)",
mysql_real_escape_string($unsafe_variable));
mysql_query($sql);
这篇关于此查询对SQL注入安全吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!