PHP and SQL injection attacks [a]
Haohappy
http://blog.csdn.net/Haohappy2004
SQL injection is one of the most common techniques attackers use to compromise websites. If your site does not strictly validate user input, it is very vulnerable to SQL injection. An attack is usually carried out by submitting malformed data or query fragments to the site's database, and it can cause records in the database to be exposed, changed or deleted. This article discusses how SQL injection attacks work and how to prevent them.
Here's an example:
// assumed user input
$name = "ilia'; DELETE FROM users;";
// the input is interpolated directly into the SQL text
mysql_query("SELECT * FROM users WHERE name='{$name}'");
Obviously, the command that the database finally executes is:
SELECT * FROM users WHERE name='ilia'; DELETE FROM users
This has disastrous consequences for the database: all records are deleted.
If the database you use is MySQL, you are fine: the mysql_query() function does not allow this kind of operation directly (multiple statements cannot be executed in a single call), so you can rest assured. If you are using SQLite or PostgreSQL, which do support such statements, you will face a disaster.