Let’s talk about how SQL injection attacks are implemented and how to prevent them.
Look at this example:
Copy the code The code is as follows:
// supposed input
$name = "ilia'; DELETE FROM users;";
mysql_query("SELECT * FROM users WHERE name='{ $name}'");
Obviously the last command executed by the database is:
SELECT * FROM users WHERE name=ilia; DELETE FROM users
This brings disastrous consequences to the database – all records are deleted .
But if the database you are using is MySQL, then fortunately, the mysql_query() function does not allow you to directly perform such operations (multiple statement operations cannot be performed in a single line), so you can rest assured. If the database you are using is SQLite or PostgreSQL and supports such statements, you will face disaster.
As mentioned above, SQL injection mainly submits unsafe data to the database to achieve the purpose of attack. In order to prevent SQL injection attacks, PHP comes with a function that can process the input string and perform preliminary security processing on the input at the lower level, that is, Magic Quotes. (php.ini magic_quotes_gpc). If the magic_quotes_gpc option is enabled, then single quotes, double quotes, and other characters in the input string will be automatically preceded by backslashes.
But Magic Quotes is not a very universal solution, it does not block all potentially dangerous characters, and Magic Quotes is not enabled on many servers. Therefore, we also need to use various other methods to prevent SQL injection.
Many databases themselves provide this input data processing function. For example, PHP's MySQL operation function has a function called mysql_real_escape_string(), which can escape special characters and characters that may cause database operation errors.
Look at this code:
Copy the code The code is as follows:
//If the Magic Quotes function is enabled
if (get_magic_quotes_gpc()) {
$name = stripslashes($name);
}else{
$name = mysql_real_escape_string($name);
}
mysql_query("SELECT * FROM users WHERE name='{$name}'");
Note, before we use the functions provided by the database, we must judge the Magic Quotes Whether to open it, as in the above example, otherwise an error will occur if the process is repeated twice. If MQ is enabled, we have to remove the added ones to get the real data.
In addition to preprocessing the above string-form data, when storing Binary data in the database, you should also pay attention to preprocessing. Otherwise, the data may conflict with the storage format of the database itself, causing the database to crash, data records to be lost, or even the entire database to be lost. Some databases, such as PostgreSQL, provide a function pg_escape_bytea() specially used to encode binary data, which can encode the data similar to Base64.代 代:
Copy code code:
// for plain-text data use:
pg_escape_string ($ regula_strings);
for binary data use:
pg_escapea_data ($ binary_data); Bleak
In another case, we also need to adopt such a mechanism. That is, multi-byte languages such as Chinese, Japanese, etc. that are not supported by the database system itself. Some of them have ASCII ranges that overlap with binary data ranges.
However, encoding the data may cause query statements like LIKE abc% to become invalid.
The above introduces sql rounding tips on PHP and SQL injection attack prevention, including sql rounding. I hope it will be helpful to friends who are interested in PHP tutorials.
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
