本文實例講述了PHP+mysql防止SQL注入的方法����。分享給大家供大家參考����,具體如下:
SQL注入
例:腳本邏輯
$sql = "SELECT * FROM user WHERE userid = $_GET[userid] ";
案例1:
復制代碼代碼如下:
SELECT * FROM t WHERE a LIKE '%xxx%' OR (IF(NOW=SYSDATE(), SLEEP(5), 1)) OR b LIKE '1=1 ';
案例2:
復制代碼代碼如下:
SELECT * FROM t WHERE a > 0 AND b IN(497 AND (SELECT * FROM (SELECT(SLEEP(20)))a) );
案例3:
復制代碼代碼如下:
SELECT * FROM t WHERE a=1 and b in (1234 ,(SELECT (CASE WHEN (5=5) THEN SLEEP(5) ELSE 5*(SELECT 5 FROM INFORMATION_SCHEMA.CHARACTER_SETS) END)) );
監控以下方法
SLEEP() — 一般的SQL盲注都會伴隨SLEEP()函數出現,而且一般至少SLEEP 5秒以上
MID()
CHAR()
ORD()
SYSDATE()
SUBSTRING()
DATABASES()
SCHEMA()
USER()
VERSION()
CURRENT_USER()
LOAD_FILE()
OUTFILE/DUMPFILE
INFORMATION_SCHEMA
TABLE_NAME
fwrite()/fopen()/file_get_contents() — 這幾個是PHP文件操作函數
應對方法:
1.mysql_escape_string() 轉義特殊字符((PHP 4 >= 4.3.0, PHP 5))(mysql_real_escape_string必須先鏈接上數據庫�,否則會報錯)
下列字符受影響:
/x00 //對應于ascii字符的NULL
/n //換行符且回到下一行的最前端
/r //換行符
/ //轉義符
'
"
/x1a //16進制數
如果成功,則該函數返回被轉義的字符串���。如果失敗���,則返回 false����。
2.addslashes(): 函數返回在預定義字符之前添加反斜杠的字符串 (stripslashes()實現字符串還原)
預定義的字符有:
單引號(')
雙引號(")
反斜杠(/)
NULL
3.prepared statements(預處理機制)
<?php$mysqli = new mysqli("example.com", "user", "password", "database");if ($mysqli->connect_errno) { echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;}/* Non-prepared statement */if (!$mysqli->query("DROP TABLE IF EXISTS test") || !$mysqli->query("CREATE TABLE test(id INT)")) { echo "Table creation failed: (" . $mysqli->errno . ") " . $mysqli->error;}/* Prepared statement, stage 1: prepare */if (!($stmt = $mysqli->prepare("INSERT INTO test(id) VALUES (?)"))) { echo "Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error;}/* Prepared statement, stage 2: bind and execute */$id = 1;if (!$stmt->bind_param("i", $id)) { echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;}if (!$stmt->execute()) { echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;}?>
希望本文所述對大家PHP程序設計有所幫助���。
注:相關教程知識閱讀請移步到PHP教程頻道。
