PHP: Preventing SQL Injection
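Original article by woxuewangluo. Blog category: APP operations documentation. ©Copyright
©Copyright belongs to the author: this is an original work by 51CTO blog author woxuewangluo. Contact the author for permission to reprint; otherwise legal liability will be pursued.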
php.ini configuration:
magic_quotes_gpc = On
Universal password (login bypass via the password field):
mysql> select * from user where username='wang' and password='123';
+--------+----------+----------+
| userid | username | password |
+--------+----------+----------+
| 1 | wang | 123 |
+--------+----------+----------+
1 row in set (0.00 sec)
mysql> select * from user where username='wang' and password='12';
Empty set (0.00 sec)
mysql> select * from user where username='wang' and password='aa' or 1='1';
+--------+----------+----------+
| userid | username | password |
+--------+----------+----------+
| 1 | wang | 123 |
| 2 | yong | 123 |
| 2 | ke | 321 |
+--------+----------+----------+
3 rows in set (0.01 sec)
mysql> select * from user where username='wa' and password='aa' or 1='1';
+--------+----------+----------+
| userid | username | password |
+--------+----------+----------+
| 1 | wang | 123 |
| 2 | yong | 123 |
| 2 | ke | 321 |
+--------+----------+----------+
3 rows in set (0.00 sec)
Universal username (login bypass via the username field):
mysql> select * from user where username='sjdlf' or 1=1 ;
+--------+----------+----------+
| userid | username | password |
+--------+----------+----------+
| 1 | wang | 123 |
| 2 | yong | 123 |
| 2 | ke | 321 |
+--------+----------+----------+
3 rows in set (0.00 sec)
mysql> select * from user where username='sjdlf' or 1=1 and password='123';
+--------+----------+----------+
| userid | username | password |
+--------+----------+----------+
| 1 | wang | 123 |
| 2 | yong | 123 |
+--------+----------+----------+
2 rows in set (0.00 sec)
mysql> select * from user where username='wang' union select * from user where userid=2;
+--------+----------+----------+
| userid | username | password |
+--------+----------+----------+
| 1 | wang | 123 |
| 2 | yong | 123 |
+--------+----------+----------+
2 rows in set (0.00 sec)
mysql> select * from user where username='wang' union all select * from user where userid=2;
+--------+----------+----------+
| userid | username | password |
+--------+----------+----------+
| 1 | wang | 123 |
| 2 | yong | 123 |
+--------+----------+----------+
2 rows in set (0.00 sec)
mysql> select * from user where username='wang' and password='123' union all select * from user where userid=2;
+--------+----------+----------+
| userid | username | password |
+--------+----------+----------+
| 1 | wang | 123 |
| 2 | yong | 123 |
+--------+----------+----------+
2 rows in set (0.00 sec)
mysql> select * from user where username='wang' and password='123' union all select * from user;
+--------+----------+----------+
| userid | username | password |
+--------+----------+----------+
| 1 | wang | 123 |
| 1 | wang | 123 |
| 2 | yong | 123 |
| 3 | ke | 321 |
+--------+----------+----------+
4 rows in set (0.00 sec)
mysql> select * from user where username='wang' and password='123' union select * from user;
+--------+----------+----------+
| userid | username | password |
+--------+----------+----------+
| 1 | wang | 123 |
| 2 | yong | 123 |
| 3 | ke | 321 |
+--------+----------+----------+
3 rows in set (0.00 sec)
mysql> select * from user where username='wang' and password='321' union select * from user;
+--------+----------+----------+
| userid | username | password |
+--------+----------+----------+
| 1 | wang | 123 |
| 2 | yong | 123 |
| 3 | ke | 321 |
+--------+----------+----------+
3 rows in set (0.00 sec)
mysql> select * from user where username='wd' and password='321' union select * from user;
+--------+----------+----------+
| userid | username | password |
+--------+----------+----------+
| 1 | wang | 123 |
| 2 | yong | 123 |
| 3 | ke | 321 |
+--------+----------+----------+
3 rows in set (0.00 sec)
mysql>
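The login query from the sessions above, built by string concatenation and then with bound parameters, as an added example that is not the original author's code. It assumes the pdo_sqlite extension as an offline stand-in for MySQL; the function names login_concat and login_prepared are hypothetical and the rows are constructed to match the table shown above.

```php
<?php
// Added example, not the original author's code. Assumptions: pdo_sqlite
// stands in for MySQL so the script runs offline; helper names are
// hypothetical; the rows are constructed to match the sessions above.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (userid INTEGER PRIMARY KEY, username TEXT, password TEXT)');
$db->exec("INSERT INTO user VALUES (1,'wang','123'),(2,'yong','123'),(3,'ke','321')");

// Vulnerable: input is pasted into the SQL text, so a quote in the input
// closes the string literal and the remainder is parsed as SQL.
function login_concat(PDO $db, string $user, string $pass): array
{
    $sql = "select * from user where username='$user' and password='$pass'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: placeholders keep the input as data, so the whole value is
// compared as one plain string and never reaches the SQL parser.
function login_prepared(PDO $db, string $user, string $pass): array
{
    $stmt = $db->prepare('select * from user where username = ? and password = ?');
    $stmt->execute([$user, $pass]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The tautology is written '1'='1 (both sides quoted) because SQLite,
// unlike MySQL, does not treat the integer 1 as equal to the string '1'.
$cases = [
    'valid login'    => ['wang', '123'],
    'wrong password' => ['wang', '12'],
    'tautology'      => ['wang', "aa' or '1'='1"],
    'union'          => ['wd', "321' union select * from user where '1'='1"],
];
foreach ($cases as $label => [$u, $p]) {
    $a = count(login_concat($db, $u, $p));
    $b = count(login_prepared($db, $u, $p));
    printf("%-15s concat=%d rows  prepared=%d rows\n", $label, $a, $b);
}
```

magic_quotes_gpc was deprecated in PHP 5.3.0 and removed in PHP 5.4.0, so on current PHP versions bound parameters are the control to rely on.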