为什么我的代码不易受到 SQL 注入的攻击?
Why is my code NOT vulnerable to SQL injection?
尝试制作一个容易受到 SQL 注入攻击的简单 PHP 应用程序。
如果 user/pass 正确,则让我登录,如果不正确,则不登录。
但是,当我尝试其中任何一个时:
' OR '1' = '1
' OR '1'='1
' OR '1' = '1' --
出现以下错误消息:
Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean given on line 14
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given on line 15
我也尝试在两个字段中注入并使用有效的 username/injection 和 injection/valid 密码组合,但无济于事。
有人可以指出问题吗?谢谢。代码:
<!-- index.php -->
<?php
include("config.php");
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST") {
if(isset($_POST["sbm"])){
$username = $_POST['username'];
$password = $_POST['password'];
}
$sql = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
$result = mysqli_query($conn,$sql);
$row = mysqli_fetch_array($result);
$count = mysqli_num_rows($result);
if($count == 1) {
$_SESSION['login_user'] = $username;
header("location: welcome.php");
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title></title>
</head>
<body>
<form method = "post">
<label>Username</label><input type = "text" name = "username"/><br /><br />
<label>Password</label><input type = "password" name = "password"/><br/><br />
<input type = "submit" value = "Login" name="sbm"/><br />
</form>
</body>
</html>
<!-- config.php -->
<?php
define('DB_SERVER', 'localhost');
define('DB_USERNAME', 'root');
define('DB_PASSWORD', '');
define('DB_DATABASE', 'db');
$conn = mysqli_connect(DB_SERVER,DB_USERNAME,DB_PASSWORD,DB_DATABASE);
?>
<!-- welcome.php -->
<html>
<head>
<title>Welcome</title>
</head>
<body>
<h1>Welcome</h1>
</body>
</html>
经典的SQL注入方式:
Query: SELECT * FROM Users WHERE username='$username' AND password='$password'
为用户名和密码值插入以下内容:
$用户名 = 1' 或 '1' = '1
和
$password = 1' 或 '1' = '1.
查询然后读取:
SELECT * FROM Users WHERE username='1' OR '1' = '1' AND password='1' OR '1' = '1'
查询 returns 一个值(或多个值),因为条件始终为真 (OR 1=1)。
尝试制作一个容易受到 SQL 注入攻击的简单 PHP 应用程序。 如果 user/pass 正确,则让我登录,如果不正确,则不登录。 但是,当我尝试其中任何一个时:
' OR '1' = '1
' OR '1'='1
' OR '1' = '1' --
出现以下错误消息:
Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean given on line 14
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given on line 15
我也尝试在两个字段中注入并使用有效的 username/injection 和 injection/valid 密码组合,但无济于事。 有人可以指出问题吗?谢谢。代码:
<!-- index.php -->
<?php
include("config.php");
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST") {
if(isset($_POST["sbm"])){
$username = $_POST['username'];
$password = $_POST['password'];
}
$sql = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
$result = mysqli_query($conn,$sql);
$row = mysqli_fetch_array($result);
$count = mysqli_num_rows($result);
if($count == 1) {
$_SESSION['login_user'] = $username;
header("location: welcome.php");
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title></title>
</head>
<body>
<form method = "post">
<label>Username</label><input type = "text" name = "username"/><br /><br />
<label>Password</label><input type = "password" name = "password"/><br/><br />
<input type = "submit" value = "Login" name="sbm"/><br />
</form>
</body>
</html>
<!-- config.php -->
<?php
define('DB_SERVER', 'localhost');
define('DB_USERNAME', 'root');
define('DB_PASSWORD', '');
define('DB_DATABASE', 'db');
$conn = mysqli_connect(DB_SERVER,DB_USERNAME,DB_PASSWORD,DB_DATABASE);
?>
<!-- welcome.php -->
<html>
<head>
<title>Welcome</title>
</head>
<body>
<h1>Welcome</h1>
</body>
</html>
经典的SQL注入方式:
Query: SELECT * FROM Users WHERE username='$username' AND password='$password'
为用户名和密码值插入以下内容:
$用户名 = 1' 或 '1' = '1 和 $password = 1' 或 '1' = '1.
查询然后读取:
SELECT * FROM Users WHERE username='1' OR '1' = '1' AND password='1' OR '1' = '1'
查询 returns 一个值(或多个值),因为条件始终为真 (OR 1=1)。