Shulou(Shulou.com)05/31 Report--

This article is to share with you about the role of Injection in SQL, the editor thinks it is very practical, so I share it with you to learn. I hope you can get something after reading this article.

SQL Injection,SQL injection, in fact, is to take advantage of code vulnerabilities to change the meaning of SQL to form malicious SQL statements.

$username = $_ POST ['username']; $password = $_ POST [' password']; $query = "select * from users where username ='{$username} 'and password =' {$password}'"; / / determine whether if (DB::select ($query)) {return true;} return false is logged in successfully

At first glance, there is no problem with this pseudo code, that is, to determine whether the account password is correct, return true and allow login. But if the username passed in is 123'or 1, then the SQL statement becomes

Select * from users where username = '123' or 1 situation # and password =' {$password}'"

This malicious SQL statement will return true at any time, because 1: 1

Injection through ORM

As we mentioned earlier, SQL Injection exploits code vulnerabilities to change the meaning of SQL, meaning that ORM is also a potential injection point. Take tp3.2 as an example, there is the following code

$result = D ('User')-> where ([' username' = > $_ POST ['username'],' password' = > $_ POST ['password'],]); if ($result) {echo' login successful';} else {echo 'login failed';}

This code looks fine, but if username passes in username [0] = neq&username [1] = 1111, the query statement becomes

$result = D ('User')-> where ([' username' = > ['neq', 111],' password' = > $_ POST ['password'],])

Then the result of $result will always be true

Prevention method

Perform data type judgment and data type conversion on the incoming parameters

To escape quotation marks, PHP can use functions such as addslashes,mysql_real_escape_string

Pre-processing statements, the most effective prevention of SQL Injection

Code audit

How preprocessing statements prevent SQL Injection

Preprocessing statements are implemented by the database. For example, MySQL implements preprocessing statements. First of all, let's talk about the basic process of pretreatment.

MySQL receives the preprocessing SQL Template and immediately starts parsing (lexical and grammatical).

The client sends data to replace the placeholder in SQL Template.

MySQL executes the statement and returns the result

Delete preprocessing statement (optional)

So how do preprocessing statements prevent SQL injection? First of all, the so-called SQL Injection is to change the meaning of SQL by force. In step 1, the completed statement has been processed to fix the meaning of the SQL, and the replacement placeholder in step 2 does not change the meaning of the SQL. Here is an example of PHP PDO

$stmt = $pdo- > prepare ("select * from users where username ='? 'and password ='?'"); $stmt- > execute ("123'or 1, 'test'); above is the role of Injection in SQL, and the editor believes that there are some knowledge points that we may see or use in our daily work. I hope you can learn more from this article. For more details, please follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.