
Comprehensively Preventing SQL Injection Attacks in PHP, Part 3

Author: Anonymous   Source: NET Programming   Published: 2012-05-25

...construct and execute queries. Moreover, it provides exactly the functionality that our own safe() function implemented earlier.

In the fragment above, the user-submitted input is collected first and a database connection is established. Then mysqli_prepare() is used to create a statement resource, named $stmt here to reflect the name of the function that uses it. This function takes two parameters: the connection resource and a string into which a "?" marker is placed wherever you want the extension to insert a value. In this example there is only one such value, the animal's name.

¡¡¡¡×¢Ò⣬ÔÚÒ»¸öSELECTÓï¾äÖУ¬·ÅÖÃ"?"±ê¼ÇµÄΨһµÄÓÐЧλÖÃÊÇÔÚÖµ±È½Ï²¿·Ö¡£ÕâÕýÊÇΪʲôÄã²»ÐèÒªÖ¸¶¨Ê¹ÓÃÄĸö±äÁ¿µÄÔ­Òò£¨³ýÁËÔÚmysqli_stmt_bind_param()º¯ÊýÖÐÖ®Í⣩¡£ÔÚ´Ë£¬Ä㻹ÐèÒªÖ¸¶¨ËüµÄÀàÐÍ-ÔÚ±¾ÀýÖУ¬"s"´ú±í×Ö·û´®¡£ÆäËü¿ÉÄܵÄÀàÐÍÓУº"I"´ú±íÕûÊý£¬"d"´ú±íË«¾«¶ÈÊý(»ò¸¡µãÊý)£¬¶ø"b"´ú±í¶þ½øÖÆ×Ö·û´®¡£

The functions mysqli_stmt_execute(), mysqli_stmt_bind_result() and mysqli_stmt_fetch() execute the query and retrieve the results. If there are results, they are displayed; if not, a harmless message is displayed. Finally, you need to close the $stmt resource and the database connection, releasing them from memory.

Assuming a legitimate user enters the string "lemming", this routine will (given suitable data in the database) output the message "A lemming has very low intelligence." Given an attempted injection such as "lemming' or 1=1;", the routine prints the (harmless) message "Sorry, no records found."
The mysqli extension also provides an object-oriented version of the same routine. Its use is shown below.
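As an added example (written for this edit, not code from the original article), here is the procedural mysqli form with several typed placeholders, which goes beyond the single "s" parameter discussed above: one character of the type string per "?" marker, in order. The column names legs and weight_kg, and the connection values, are assumptions.

```php
<?php
// Added example: procedural mysqli prepared statement with three typed placeholders.
// The animals table with columns name, intelligence, legs and weight_kg is assumed.
$link = mysqli_connect('localhost', 'username', 'password', 'database');
if (!$link) {
    exit('connection failed: ' . mysqli_connect_error());
}

// The SQL text contains only markers; no user-supplied text is ever concatenated in.
$sql = 'SELECT name, intelligence FROM animals WHERE name = ? AND legs = ? AND weight_kg < ?';
$stmt = mysqli_prepare($link, $sql);
if (!$stmt) {
    exit('prepare failed: ' . mysqli_error($link));
}

// Values as they might arrive from a form, including an attempted injection
// in the name field (constructed sample input).
$animalName = "lemming' or 1=1;";
$legs       = 4;
$maxWeight  = 0.5;

// Type string, one character per placeholder:
//   s = string, i = integer, d = double, b = blob.
// Each value travels to the server separately from the SQL text, so the quote
// and the "or 1=1" are compared literally against the name column and match nothing.
mysqli_stmt_bind_param($stmt, 'sid', $animalName, $legs, $maxWeight);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $name, $intelligence);

if (mysqli_stmt_fetch($stmt)) {
    print "A $name has $intelligence intelligence.\n";
} else {
    print "Sorry, no records found.\n";
}

// Release the statement and the connection.
mysqli_stmt_close($stmt);
mysqli_close($link);
?>
```

Because the integer and double values are bound with "i" and "d", the server also rejects non-numeric text for those columns instead of letting it reach the SQL parser, which is a second benefit of stating the types explicitly.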

<?php
// Collect the user input; it is bound below, never interpolated into the SQL.
$animalName = $_POST['animalName'];
$mysqli = new mysqli( 'localhost', 'username', 'password', 'database' );
// new mysqli() always returns an object, so test connect_error rather than the object itself.
if ( $mysqli->connect_error ) exit( 'connection failed: ' . $mysqli->connect_error );
$stmt = $mysqli->prepare( "SELECT intelligence
FROM animals WHERE name = ?" );
if ( $stmt ) {
  // "s": the single placeholder receives a string.
  $stmt->bind_param( "s", $animalName );
  $stmt->execute();
  $stmt->bind_result( $intelligence );
  if ( $stmt->fetch() ) {
    print "A $animalName has $intelligence intelligence.\n";
  } else {
    print 'Sorry, no records found.';
  }
  $stmt->close();
}
$mysqli->close();
?>

In effect, this code duplicates the code described above; it simply uses object-oriented syntax and organization rather than strictly procedural code.

4. Higher-level abstraction

If you use the external library PEAR DB, you can abstract the application's security-protection module completely.

On the other hand, using such a library has one notable drawback: you are confined to someone else's way of thinking, and it adds a considerable amount of work on the code-management side. For this reason you need to weigh the decision carefully before using one. If you do decide to, at least make sure that it really helps you "clean" your users' input.
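To illustrate what "abstracting the protection module" means in practice, here is an added example of a small in-house abstraction over mysqli prepared statements. It is written for this edit; it is not PEAR DB's API and not code from the original article. The function name db_select, the PHP 7+ type hints, and the requirement of the mysqlnd driver (for get_result() and fetch_all()) are assumptions.

```php
<?php
// Added example: one function through which all application SELECTs pass.
// Application code supplies SQL with "?" markers and an array of values; it never
// builds SQL by concatenation, so the protection lives in exactly one place.
function db_select(mysqli $db, string $sql, array $params): array
{
    $stmt = $db->prepare($sql);
    if (!$stmt) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    if ($params) {
        // Derive the mysqli type string from the PHP type of each value:
        // int -> "i", float -> "d", everything else -> "s".
        $types = '';
        foreach ($params as $p) {
            $types .= is_int($p) ? 'i' : (is_float($p) ? 'd' : 's');
        }
        // Argument unpacking passes the elements by reference, as bind_param requires.
        $stmt->bind_param($types, ...$params);
    }
    if (!$stmt->execute()) {
        throw new RuntimeException('execute failed: ' . $stmt->error);
    }
    $result = $stmt->get_result();          // needs the mysqlnd driver
    $rows   = $result->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

// Usage, following the article's lemming example (connection values are placeholders):
$db = new mysqli('localhost', 'username', 'password', 'database');
if ($db->connect_error) {
    exit('connection failed: ' . $db->connect_error);
}
$animalName = $_POST['animalName'] ?? '';
$rows = db_select($db, 'SELECT intelligence FROM animals WHERE name = ?', [$animalName]);
if ($rows) {
    print "A $animalName has {$rows[0]['intelligence']} intelligence.\n";
} else {
    print "Sorry, no records found.\n";
}
$db->close();
?>
```

A wrapper this small is easy to audit, which is the real point of the section: whether you adopt a library or write your own, the code that turns user input into a query should be in one reviewable place rather than scattered through the application.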

5. Testing your injection protection

As discussed earlier, an important part of making sure your scripts are secure is testing them. The best way to do this is to write your own SQL injection tests.
Here we provide an example of such a test. In this example we test an injection attack against a SELECT statement.

<?php
// the protection function under test
// (mysql_real_escape_string() belongs to the old mysql extension, which was
// removed in PHP 7, and it needs an open mysql_connect() connection to work)
function safe( $string ) {
  return "'" . mysql_real_escape_string( $string ) . "'";
}
// connect to the database
///////////////////////
// attempt an injection
///////////////////////
$exploit = "lemming' AND 1=1;";
// sanitize it
$safe = safe( $exploit );
$query = "SELECT * FROM animals WHERE name = $safe";
$result = mysql_query( $query );
// test whether the protection was sufficient: once escaped, the entire input is
// compared literally against the name column, so a neutralized exploit matches
// no row at all (a successful injection would have returned the lemming row)
if ( $result && mysql_num_rows( $result ) == 0 ) {
  exit( "Protection succeeded:\n
  exploit $exploit was neutralized" );
}
// the original listing breaks off above; this failure branch is a minimal
// completion so that the script runs to an end in both cases
exit( "Protection failed:\n
  exploit $exploit was not neutralized" );
?>
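A single payload proves little, and a test that passes only because the table is empty proves nothing, so here is an added, table-driven version of the same test. It is written for this edit, not code from the original article; it uses mysqli instead of the removed mysql_* functions and assumes the article's animals table holds exactly one row named "lemming" and no row whose name contains a quote character.

```php
<?php
// Added example: table-driven injection test for an escaping-based protection function.
$db = new mysqli('localhost', 'username', 'password', 'database');   // placeholders
if ($db->connect_error) {
    exit('connection failed: ' . $db->connect_error);
}
// Escaping is charset-dependent: tell the driver the charset through the API
// (not with a SET NAMES query) so that real_escape_string() uses the right one.
$db->set_charset('utf8mb4');

// The protection under test: quote and escape a value for inclusion in SQL.
function safe(mysqli $db, string $value): string
{
    return "'" . $db->real_escape_string($value) . "'";
}

// Each case: the input and the row count a correctly protected query must return.
// The control case proves the test can find rows at all; every other input is
// constructed so that, once neutralized, it names an animal that does not exist.
$cases = [
    ['input' => 'lemming',             'expect' => 1],   // control: legitimate input
    ['input' => "lemming' or 1=1;",    'expect' => 0],   // the article's payload
    ['input' => "lemming' AND 1=1;",   'expect' => 0],
    ['input' => "lemming\\' or 1=1;",  'expect' => 0],   // backslash ahead of the quote
    ['input' => "lemming' -- ",        'expect' => 0],   // tries to comment out the rest
];

$failures = 0;
foreach ($cases as $case) {
    $query  = 'SELECT * FROM animals WHERE name = ' . safe($db, $case['input']);
    $result = $db->query($query);
    $rows   = $result ? $result->num_rows : -1;   // -1: the query itself failed
    $ok     = ($rows === $case['expect']);
    if (!$ok) {
        $failures++;
    }
    printf("%-7s %-20s -> %d row(s)\n", $ok ? 'ok' : 'FAILED', $case['input'], $rows);
    if ($result) {
        $result->free();
    }
}
$db->close();

print $failures === 0 ? "Protection succeeded for all cases.\n"
                      : "Protection failed for $failures case(s).\n";
exit($failures === 0 ? 0 : 1);
```

The script exits non-zero on any failure so it can run in an automated test job; rerunning it after every change to safe() (or after switching the connection charset) is what turns the section's advice into a repeatable check.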

ÁèÖڿƼ¼×¨ÒµÌṩ·þÎñÆ÷×âÓᢷþÎñÆ÷Íйܡ¢ÆóÒµÓʾ֡¢ÐéÄâÖ÷»úµÈ·þÎñ£¬¹«Ë¾ÍøÕ¾£ºhttp://www.lingzhong.cn ΪÁ˸ø¹ã´ó¿Í»§Á˽â¸ü¶àµÄ¼¼ÊõÐÅÏ¢£¬±¾¼¼ÊõÎÄÕÂÊÕ¼¯À´Ô´ÓÚÍøÂç,ÁèÖڿƼ¼×ðÖØÎÄÕÂ×÷ÕߵİæȨ£¬Èç¹ûÓÐÉæ¼°ÄãµÄ°æȨÓбØҪɾ³ýÄãµÄÎÄÕ£¬ÇëºÍÎÒÃÇÁªÏµ¡£ÒÔÉÏÐÅÏ¢ÓëÎÄÕÂÕýÎÄÊDz»¿É·Ö¸îµÄÒ»²¿·Ö,Èç¹ûÄúҪתÔر¾ÎÄÕÂ,Çë±£ÁôÒÔÉÏÐÅÏHTTP/1.1 401 Access Denied ß¼¶½Ì³Ì(6):PHP Sessions" target="_blank">PHP¸ß¼¶½Ì³Ì(6):PHP Sessions

  • PhotoshopÈëÃÅ:»æÖÆÁ¢ÌåЧ¹û°ÂÔËÎ廷Ч¹ûͼ
  • LinuxϵÄVsftpdÅäÖÃƪ
  • DIVºÍtableÒ³Ãæ²¼¾ÖµÄÇø±ðºÍÁªÏµ
  • ÈçºÎʵÏÖ¶þάÏòÁ¿ - ±à³ÌÈëÃÅÍø
  • ÍøÂçÓªÏú¹«Ë¾ÔÚÔËÓªÖеIJßÂÔ
  • iBATIS 3ÄÚµÄÐÂÌØÐÔ£º½«iBATISÓÃ×÷Ó¦ÓóÌÐòÄÚµÄÒ»Öֳ־ÿò¼Ü - ±à³ÌÈëÃÅÍø
  • Photoshop»æÖƸ߹âË®¾§ÖʸÐË®¾§Æ»¹û
Copyright ©1999-2011 Xiamen Lingzhong Technology Co., Ltd. / Xiamen Youtong Internet Technology Development Co., Ltd. All rights reserved

Address: 701E, No. 63 Wanghai Road, Xiamen Software Park Phase II (next to Longtop)   ZIP: 361008

Tel: 0592-5908028   Fax: 0592-5908039   Enquiries: web@lingzhong.cn   OICQ: 173723134

PRC Value-added Telecommunications Business Operating License Min B2-20100024   ICP filing: Min ICP Bei 05037997