这个 PHP 代码容易受到 SQL 注入的攻击吗? [英] Is this PHP code vulnerable to SQL injection?
问题描述
我有一个网站,我在服务器端使用 PHP,使用 mysql 作为数据库.我使用以下脚本从数据库中检索数据.有人能告诉我这段代码是否容易受到注入攻击吗?如果可以,请给出解决方案吗?
I have a website where I use PHP in server side and mysql as database. I use the following script to retrieve data from database. Could anybody let me know whether this code is vulnerable to injection attack? If so could you please give a solution?
<?php
// PHP script
$usrname=$_POST['usrname'];
$_SESSION['usremail']=$usrname;
$usrpassword=$_POST['passwd'];
$db=mysql_select_db('mydb',$connection);
$result=mysql_query("select usrfname,usrlname from userinformation where usremail='$usrname' and usrpassword='$usrpassword'") or die('failed to login');
非常感谢任何帮助.
谢谢
推荐答案
是的,它很容易受到攻击.您直接从用户输入中讨论值并将其放入您的查询中.
Yes, it's vulnerable. You're talking values directly from user input and placing it into your query.
您应该查看 mysql_real_escape_string
,或者(最好)使用提供参数化查询的 MySQLi.SQL 注入是由用户数据作为 SQL 代码而不是数据注入引起的.确保查询安全的唯一真正方法是使用参数化查询,它在协议级别将数据和查询文本分开.
You should look at mysql_real_escape_string
, or (preferably) use MySQLi which provides parameterised queries. SQL injections are caused by user data being injected as SQL code instead of data. The only true way to secure a query is to use parameterised queries, which separate the data and query text at the protocol level.
此外,您的密码以明文形式存储.您应该使用加盐哈希函数作为绝对最小值.
Furthermore, your passwords are stored in plaintext. You should use a salted hash function as an absolute minimum.
你还应该看看这些很棒的问题:
You should also take a look at these awesome questions:
这篇关于这个 PHP 代码容易受到 SQL 注入的攻击吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!