当前位置: 首页 > 图文教程 > 网络编程 > PHP > PHP与MySQL中的SQL注入式漏洞
SQL注入式漏洞是许多PHP程序的主要安全危害,产生的原因是在向数据库执行插入等语句时,web开发者允许最终用户操作变量(例如根据表单提交内容显示相应信息),通常是_GET、_POST或_SESSION等全局变量。
让我们看以下的代码:
| 以下为引用的内容: <?PHP if (!is_numeric(_GET['id'])) { // id's not numeric? // kill the script before the query can run die("The id must be numeric!"); } query = "Select news_title, news_text "; query .= "FROM news"; query .= "Where news_id=". _GET['id']; mysql_query(query); ?> |
| 以下为引用的内容: <?PHP // Fix a _POST variable called firstName for MySQL firstName = _POST['firstName']; if (get_magic_quotes_gpc()) { // If magic quotes is enabled - turn the string back into an unsafe string firstName = stripslashes(firstName); } // Now convert the unsafe string into a MySQL safe string firstName= mysql_real_escape_string(firstName); // firstName should now be safe to insert into a query ?> |
| 以下为引用的内容: <?PHP firstName = _POST['firstName']; if (get_magic_quotes_gpc()) { // If magic quotes is enabled - turn the string back into an unsafe string firstName = stripslashes(firstName); } // Now convert the unsafe string into a MySQL safe string firstName = mysql_real_escape_string(firstName); // Safe query mysql_query("Insert INTO Names VALUES('". firstName ."')"); // Page output should look proper echo "Hello ". htmlentities(stripslashes(firstName)); ?> |
| 以下为引用的内容: <?PHP function VerifyInput(input, forceInt = false) { if (is_numeric(input)) { return input; } elseif (!forceInt) { if (get_magic_quotes_gpc()) { // if magic quotes is enabled, get rid of those // pesky slashes input = stripslashes(input); } // convert the input variable into a MySQL safe string. input = mysql_real_escape_string(input); return input; } else { // if input not an integer and forceInt = true, // kill script die("Invalid Input"); } } // _POST['name'] should be a string // _POST['id'] should be an integer, if not the script dies id = _POST['id']; name = _POST['name']; query = "Update users SET name=". VerifyInput(name) ." "; query .= "Where id=". VerifyInput(id, true); // query should be safe to run mysql_query(query); ?> |
评论 (0) All