1. The basic principles of PHP injection
Programmers' experience levels are uneven, and a significant portion of programmers write code without checking the legitimacy of user input data, which creates an application security risk. A user can submit a piece of database query code and, from the results the program returns, obtain certain data he wants to know; this is the so-called SQL Injection.
Affected systems: any system that does not inspect and filter its input parameters.
The SQL injection process
Normally, we receive the necessary parameters through the address, for example:
PHP100.php?id=2, and we use the value 2 from the page to write the SQL statement.
Normal: Select * From Table where id = 2
If we are familiar with SQL statements, we know that the 2 can be replaced with whatever SQL statement we need,
e.g.: and exists (select id from admin)
2. Several ways to prevent injection
In fact, what we originally need to do is filter some common keywords and symbols, such as:
Select, insert, update, delete, and, *, etc.
Example:
// Returns 1 when the string contains a filtered keyword or symbol, 0 otherwise.
// eregi() was removed in PHP 7, so the same pattern is used with preg_match() and the /i (case-insensitive) modifier.
function inject_check($sql_str) {
    return preg_match('/select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile/i', $sql_str); // perform the filtering
}
Or use the system function that filters special symbols:
addslashes(content that needs to be filtered)
3. Other PHP security settings
1. register_globals = Off: set it to the closed state
2. When writing SQL statements, do not omit the backquotes or single quotes
Select * From Table Where id = 2 (not standardized)
Select * From `Table` Where `id`='2' (standardized)
3. Use $_POST, $_GET, $_SESSION, etc. correctly to accept parameters, and filter them
4. Improve database naming skills; some important fields can be named according to the characteristics of the program
5. Use a packaging (wrapper) method to avoid directly exposing SQL statements
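The following script is an added example, not code from the original page: it puts the unchecked query from section 1 next to two of the mitigations above, the keyword filter from section 2 and a packaging method with quoted identifiers and filtered parameters from section 3, and runs both against the normal value 2 and the page's "and exists" payload. It only builds query strings, so it runs without a database; the function names build_query_unsafe() and build_query_safe(), the allow list of table names, and the sample inputs are assumptions made for this example.

```php
<?php
// Added example (not from the original page). Builds query strings only, so it
// runs offline; build_query_unsafe(), build_query_safe() and the table allow
// list are assumptions for this example.

// The page's keyword filter, written with preg_match() because eregi() was
// removed in PHP 7. Returns 1 when a suspicious token is found, 0 otherwise.
function inject_check(string $sql_str): int {
    return preg_match('/select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile/i', $sql_str);
}

// "Before": the unchecked pattern from section 1. The raw parameter is pasted
// into the statement, so whatever follows the number becomes part of the SQL.
function build_query_unsafe(string $id): string {
    return "Select * From Table where id = " . $id;
}

// "After": a packaging method (section 3, point 5). The caller never touches
// SQL text; the table name must come from a fixed allow list, the id must be
// an integer, identifiers are backtick-quoted and the value is single-quoted
// (section 3, point 2).
function build_query_safe(string $table, string $id): string {
    $allowed_tables = ['Table', 'news'];              // constructed allow list
    if (!in_array($table, $allowed_tables, true)) {
        throw new InvalidArgumentException('unknown table');
    }
    $int_id = filter_var($id, FILTER_VALIDATE_INT);  // section 3, point 3: filter the parameter
    if ($int_id === false) {
        throw new InvalidArgumentException('id must be an integer');
    }
    // addslashes() is the escaping function the page names; the value is an
    // integer here, but the quoting is kept so the pattern also covers strings.
    return "Select * From `" . $table . "` Where `id` = '" . addslashes((string)$int_id) . "'";
}

// Constructed request parameters: the normal case from the page, and the
// page's "and exists" payload appended to it.
$inputs = [
    '2',
    '2 and exists (select id from admin)',
];

foreach ($inputs as $id) {
    echo "input: $id\n";
    echo "  filter flags it: " . (inject_check($id) ? 'yes' : 'no') . "\n";
    echo "  unsafe query:    " . build_query_unsafe($id) . "\n";
    try {
        echo "  safe query:      " . build_query_safe('Table', $id) . "\n";
    } catch (InvalidArgumentException $e) {
        echo "  safe query:      rejected (" . $e->getMessage() . ")\n";
    }
}
```

Run it with `php example.php`. For the normal input the filter stays quiet and both builders produce a query; for the payload the unsafe builder emits the altered statement, the keyword filter flags it, and the wrapper rejects it before any SQL is assembled. The wrapper is the stronger of the two checks because it accepts only what the program expects (a known table and an integer id) rather than trying to enumerate every token an attacker might send, which is why the page's last point recommends packaging SQL behind such a method.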