How does PHP code site prevent SQL injection vulnerability
- 2020-05-16 06:31:26
- OfStack
Hackers can get access to the website database through SQL injection attack, and then they can get all the data in the website database. Malicious hackers can tamper with the data in the database or even destroy the data in the database through the injection function of SQL. As a web developer who hates this type of hacking, it's important to understand how SQL works and learn how to protect your database with code. Today, using the PHP and MySQL databases as examples, I would like to share with you my understanding of SQL injection attacks and some simple precautions and tips on how to avoid SQL injection attacks.
What is SQL injection (SQL Injection)?
In simple terms, SQL injection USES a code vulnerability to obtain data from the SQL database in the background of a website or application so that access to the database can be obtained. For example, a hacker can take advantage of a vulnerability in the website code and use SQL injection to obtain all the data information in the back-end database of a company's website. After getting the database administrator's login username and password, the hacker is free to modify the contents of the database and even delete the database. The SQL injection can also be used to verify the security of a website or application. There are many ways to inject SQL, but this article will only cover the basics. We'll take PHP and MySQL as examples. The examples in this article are simple and easy to understand in other languages, so focus on the SQL command.
A simple SQL injection attack case
Suppose we have 1 company website, in the backstage database of the website saved all customer data and other important information. Suppose there is a command in the code of the login page to read the user information.
Now there is a hacker who wants to attack your database, he will try to enter the following code in the user name input box of this login page:
' ; SHOW TABLES;
Click the login key and the page will display all the tables in the database. If he now USES the following command:
'; DROP TABLE [table name];
So he deleted 1 table!
Of course, this is a very simple example, the actual SQL injection method is much more complex than this, and hackers are willing to spend a lot of time trying to attack your code. Some programs can also automatically try out SQL injection attacks. With an understanding of the attack principle of SQL injection, let's take a look at how to prevent an SQL injection attack.
Guard against SQL injection - use the mysql_real_escape_string() function
Use this function mysql_real_escape_string() in the code for database operations to filter out special characters in the code, such as quotation marks. The following cases:
Guard against SQL injection - use the mysql_query() function
mysql_query() in particular, it will only execute section 1 of the SQL code, and the rest will not execute. Recall that in the previous example, the hacker executed several SQL commands in the background through code, showing the names of all the tables. So the mysql_query() function takes a step forward protection. We take a step further and evolve the code to get the following code:
In addition, we can determine the length of the input value in the PHP code, or we can use a function to check the input value. So in the place that accepts user input value 1 must do a good job of filtering and checking the input content. Of course, it is also important to learn and understand the latest SQL injection methods, so as to achieve a targeted prevention. If you are using a platform web system such as Wordpress, be sure to patch or upgrade to a new version in a timely way. If you don't get it right or understand it, please leave a comment in the comments section.
What is SQL injection (SQL Injection)?
In simple terms, SQL injection USES a code vulnerability to obtain data from the SQL database in the background of a website or application so that access to the database can be obtained. For example, a hacker can take advantage of a vulnerability in the website code and use SQL injection to obtain all the data information in the back-end database of a company's website. After getting the database administrator's login username and password, the hacker is free to modify the contents of the database and even delete the database. The SQL injection can also be used to verify the security of a website or application. There are many ways to inject SQL, but this article will only cover the basics. We'll take PHP and MySQL as examples. The examples in this article are simple and easy to understand in other languages, so focus on the SQL command.
A simple SQL injection attack case
Suppose we have 1 company website, in the backstage database of the website saved all customer data and other important information. Suppose there is a command in the code of the login page to read the user information.
<?
$q = "SELECT `id` FROM `users` WHERE `username`= ' " .$_GET['username']. " ' AND `password`= ' " .$_GET['password']. " ' ";
?>
Now there is a hacker who wants to attack your database, he will try to enter the following code in the user name input box of this login page:
' ; SHOW TABLES;
Click the login key and the page will display all the tables in the database. If he now USES the following command:
'; DROP TABLE [table name];
So he deleted 1 table!
Of course, this is a very simple example, the actual SQL injection method is much more complex than this, and hackers are willing to spend a lot of time trying to attack your code. Some programs can also automatically try out SQL injection attacks. With an understanding of the attack principle of SQL injection, let's take a look at how to prevent an SQL injection attack.
Guard against SQL injection - use the mysql_real_escape_string() function
Use this function mysql_real_escape_string() in the code for database operations to filter out special characters in the code, such as quotation marks. The following cases:
<?
$q = "SELECT `id` FROM `users` WHERE `username`= ' " .mysql_real_escape_string( $_GET['username'] ). " ' AND `password`= ' " .mysql_real_escape_string( $_GET['password'] ). " ' ";
?>
Guard against SQL injection - use the mysql_query() function
mysql_query() in particular, it will only execute section 1 of the SQL code, and the rest will not execute. Recall that in the previous example, the hacker executed several SQL commands in the background through code, showing the names of all the tables. So the mysql_query() function takes a step forward protection. We take a step further and evolve the code to get the following code:
<?
//connection
$database = mysql_connect("localhost", "username","password");
//db selection
mysql_select_db("database", $database);
$q = mysql_query("SELECT `id` FROM `users` WHERE `username`= ' " .mysql_real_escape_string( $_GET['username'] ). " ' AND `password`= ' " .mysql_real_escape_string( $_GET['password'] ). " ' ", $database);
?>
In addition, we can determine the length of the input value in the PHP code, or we can use a function to check the input value. So in the place that accepts user input value 1 must do a good job of filtering and checking the input content. Of course, it is also important to learn and understand the latest SQL injection methods, so as to achieve a targeted prevention. If you are using a platform web system such as Wordpress, be sure to patch or upgrade to a new version in a timely way. If you don't get it right or understand it, please leave a comment in the comments section.