Analysis of Methods for Preventing SQL Injection in a PHP Login

  • 2021-07-06 10:31:59
  • OfStack

SQL injection problems of this kind are usually introduced by careless or novice programmers: because they did not filter the data submitted by users, the database was broken as soon as somebody tested the form. This article briefly introduces the SQL injection that can occur at user login when no security measures are in place.

For example, consider the following login code:


<?php
$username = $_POST['username'];
$password = $_POST['password'];
$l = @mysql_connect('localhost', 'root', '123') or die('Database connection failed');
mysql_select_db('test');
mysql_set_charset('utf8');
// user input is concatenated straight into the query text
$sql = 'select * from test where username = "' . $username . '" and password = "' . $password . '"';
$res = mysql_query($sql);
if (mysql_num_rows($res)) {
    header('Location: ./home.php');
    exit;
} else {
    die('Input error');
}

Note that the above SQL statement carries a serious security risk. With the following "universal" password or "universal" user name, anyone can get into the page:


$sql = 'select * from test where username = "***" and password = "***" or 1 = "1"';

Obviously, the universal password for this SQL statement is: ***" or 1 = "1


$sql = 'select * from test where username ="***" union select * from users/* and password = "***"';

The forward slash followed by an asterisk (/*) opens a comment, so everything after it is not executed, and MySQL supports union queries, so all of the data can be queried directly. The universal user name for this SQL statement is therefore: ***" union select * from users/*

However, these payloads only fit the SQL statement as written in the code above. If the statement is instead written without quotes around the values:


$sql = "select * from test where username = $username and password = $password";

then the payloads above no longer work as-is, but the method is the same.
Once PDO is used (prepared statements with bound parameters), this kind of SQL injection can be avoided, and in today's era of rapid development, with frameworks everywhere, there is little need to think too hard about SQL injection.
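As an added illustration of that point (this is not code from the original article), here is the same login rewritten with a PDO prepared statement. It assumes the table `test` with columns `username` and `password`, and that `password` stores a `password_hash()` value rather than the plaintext the original code compares.

```php
<?php
// Added example, not code from the original article: the login from above
// rewritten with a PDO prepared statement. Assumes a table `test` with columns
// `username` and `password`, where `password` holds a password_hash() value.

function connect(): PDO
{
    // Charset in the DSN and real (non-emulated) prepares: bound values are
    // sent to MySQL separately from the SQL text, so they cannot alter the query.
    return new PDO('mysql:host=localhost;dbname=test;charset=utf8mb4', 'root', '123', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
}

function login(PDO $pdo, string $username, string $password): bool
{
    // :username is a bound parameter. Input such as  ***" union select * from users/*
    // is compared as a literal user name and simply matches no row.
    $stmt = $pdo->prepare('SELECT password FROM test WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false) {
        return false; // unknown user
    }
    // Compare against the stored hash instead of a plaintext column.
    return password_verify($password, $row['password']);
}

$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';

try {
    if (login(connect(), $username, $password)) {
        header('Location: ./home.php');
        exit;
    }
} catch (PDOException $e) {
    // Log $e->getMessage() server-side; never echo driver errors to the user.
    die('Database error');
}
die('Input error');
```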
The following two filter functions against SQL injection have also been collected:


<?php
$get  = array();
$post = array();

/* Filter every variable that arrives via GET */
foreach ($_GET as $get_key => $get_var) {
    if (is_numeric($get_var)) {
        $get[strtolower($get_key)] = get_int($get_var);
    } else {
        $get[strtolower($get_key)] = get_str($get_var);
    }
}

/* Filter every variable that arrives via POST */
foreach ($_POST as $post_key => $post_var) {
    if (is_numeric($post_var)) {
        $post[strtolower($post_key)] = get_int($post_var);
    } else {
        $post[strtolower($post_key)] = get_str($post_var);
    }
}

/* Filter functions */
// Integer filter: coerce to int so nothing but digits reaches the query
function get_int($number)
{
    return intval($number);
}

// String filter: escape quotes and backslashes unless magic_quotes_gpc already did.
// Note: get_magic_quotes_gpc() was removed in PHP 8 and addslashes() is not
// charset-aware; it is a legacy approach, not a replacement for prepared statements.
function get_str($string)
{
    if (!get_magic_quotes_gpc()) {
        return addslashes($string);
    }
    return $string;
}

Some blogs also write it like this:


<?php
function post_check($post)
{
    if (!get_magic_quotes_gpc()) { // check whether magic_quotes_gpc is enabled
        $post = addslashes($post); // escape submitted data when magic_quotes_gpc is off
    }
    $post = str_replace('_', '\_', $post); // escape '_' (a LIKE wildcard)
    $post = str_replace('%', '\%', $post); // escape '%' (a LIKE wildcard)
    $post = nl2br($post);                  // convert line breaks to <br>
    $post = htmlspecialchars($post);       // encode HTML special characters (output encoding, not SQL escaping)
    return $post;
}
?>
