```sql
CREATE TABLE users(
    username VARCHAR(32) CHARACTER SET GBK,
    password VARCHAR(32) CHARACTER SET GBK,
    PRIMARY KEY(username)
);
```
Example (simulation only): what happens when the query data is escaped with addslashes (or magic_quotes_gpc):
```php
$mysql = array();
$db = mysqli_init();
$db->real_connect('localhost', 'lorui', 'lorui.com', 'lorui_db');
/* The bypass depends on the connection character set being GBK (not only the column charset) */
$db->query("SET NAMES 'gbk'");

/* SQL injection example */
$_POST['username'] = chr(0xbf) . chr(0x27) . ' OR username = username /*';
$_POST['password'] = 'guess';

/* addslashes() works byte by byte and knows nothing about the connection charset */
$mysql['username'] = addslashes($_POST['username']);
$mysql['password'] = addslashes($_POST['password']);

$sql = "SELECT * FROM users WHERE username = '{$mysql['username']}' AND password = '{$mysql['password']}'";

$result = $db->query($sql);

if ($result->num_rows) {
    /* Success */
} else {
    /* Failure */
}
```
Despite addslashes, I can log in without knowing any username or password. Under GBK, the byte 0xbf followed by the backslash that addslashes inserted (0x5c) is read as one valid two-byte character, so the 0x27 quote that follows is no longer escaped and closes the string literal.
This vulnerability is easy to exploit for SQL injection.
To avoid it, use mysql_real_escape_string (with the connection character set set correctly, so the escaper knows which bytes form multibyte characters), prepared statements ("parameterized queries"), or one of the mainstream database abstraction libraries.
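To make the byte-level mechanism visible, here is an added Python example (not from the original article) that emulates addslashes() on raw bytes, then interprets the result the way a MySQL server would under a GBK connection charset versus a single-byte one; the hardened variant decodes with the connection charset before escaping, which is the property a charset-aware escaper (mysql_real_escape_string with the charset set on the connection) or a parameterized query gives you. The helper names are my own and the payload is constructed from the article's bytes.

```python
import re

# Constructed sample: the same bytes as the article's chr(0xbf) . chr(0x27) . '...' payload
PAYLOAD = bytes([0xBF, 0x27]) + b" OR username = username /*"


def addslashes(data: bytes) -> bytes:
    """Byte-for-byte emulation of PHP addslashes(): puts a backslash before
    ' " \\ and NUL without knowing which bytes belong to multibyte characters."""
    out = bytearray()
    for b in data:
        if b in (0x27, 0x22, 0x5C, 0x00):
            out.append(0x5C)
        out.append(b)
    return bytes(out)


def unescaped_quotes(escaped: bytes, charset: str) -> int:
    """Interpret the escaped bytes with the connection charset, as the server's
    parser does, and count single quotes not preceded by a backslash.
    Anything above zero means a quote still terminates the string literal."""
    text = escaped.decode(charset, errors="replace")
    return len(re.findall(r"(?<!\\)'", text))


def escape_with_charset(data: bytes, charset: str) -> bytes:
    """Hardened variant: decode with the connection charset first, so a stray
    lead byte (0xBF) cannot absorb the backslash, then escape at text level."""
    text = data.decode(charset, errors="replace")
    text = re.sub(r"(['\"\\\x00])", r"\\\1", text)
    return text.encode(charset, errors="replace")


def demo() -> dict:
    """Return the quote counts for each scenario (checked by the assertions)."""
    naive = addslashes(PAYLOAD)
    return {
        # addslashes output starts BF 5C 27: under GBK, BF 5C is one character
        "naive_gbk": unescaped_quotes(naive, "gbk"),
        # under a single-byte charset the backslash still guards the quote
        "naive_latin1": unescaped_quotes(naive, "latin-1"),
        "aware_gbk": unescaped_quotes(escape_with_charset(PAYLOAD, "gbk"), "gbk"),
        "escaped_bytes": naive[:3].hex(),
    }


if __name__ == "__main__":
    print(demo())
```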