Home > Database > Mysql Tutorial > body text

Learn more about SQL injection and prevention

php中世界最好的语言
Release: 2018-03-05 15:30:52
Original
2943 people have browsed it

This article analyzes the knowledge points related to SQL injection in detail through the comparison of SQL and MYSQL, as well as the principles of SQL injection and how to prevent SQL injection. I hope it can help some people in need.

1. What is sql injection?

Sql injection is an attack technique that adds sql code to the input parameters and passes it to the Sql server for parsing and execution

2. How did it happen?

Web developers cannot guarantee that all input has been filtered

The attacker uses the input data sent to the Sql server to construct executable Sql code

The database is not Make corresponding security configuration

3. How to find SQL vulnerabilities?

Identify all input points in the web application

Understand which types of requests trigger exceptions? (Special characters" or ')

Detect exceptions in server responses

4. How to perform a SQL injection attack?

Number injection:

Select * from tablename where id=1 or 1=1;

String injection:

Mysql’s comment feature:

The characters after

# and -- are commented out. No matter what password is entered, the query will be correct. Please click here to enter the image description

5. How to prevent sql injection?

##Strictly check the input format: is_numeric(var), tp5's validate verification, string injection uses regular expression to see if it is between [A-Za-z]

Escape: addslashes(str),

mysqli_escape_string() function for escaping

6. MySQLi’s precompilation mechanism

Parameterized binding

Parameterized binding is another barrier to prevent SQL injection. Both php MySQLi and PDO provide such functions. For example, MySQLi can query like this:

PDO is even more convenient, such as:

##Related recommendations:

sql injection Website method

Sharing of PHP’s simple and efficient method of preventing sql injection

Explanation of PHP’s method of preventing sql injection

The above is the detailed content of Learn more about SQL injection and prevention. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!