Understanding MySQL data storage and how it helps testing
Over the past month my work centred on testing the server-merge module, and I got quite a lot out of it.
Dealing with MySQL so heavily gave me a fairly complete grasp of how the product stores its data. It also prompted, and carried out, a check of the DB's table structures and column attributes. Since the server merge went live, no bug or incident caused by bad data has been found so far.
I also started watching and measuring performance metrics early in testing, which pushed the developers to run a performance test; that strengthened the prevention and control of risks at release time.
All of this broadened my testing mindset a great deal.
Related documents:
Depending on what you use it for, I think this function serves two purposes:
Preventing SQL injection attacks, which means you must validate user input
Avoiding errors caused by stray characters when manipulating data
The mysql_real_escape_string() function escapes the special characters in a string so that it can be used in an SQL statement.
The following characters are affected:
\x00
\n
\r
\
'
"
\x1a
If successful, the function returns the escaped string ......
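To make the two purposes above concrete, here is an added example (mine, not from the original post or from MySQL itself): a Python re-implementation of the escaping that mysql_real_escape_string() documents for the seven characters listed, a hypothetical query builder shown once with raw interpolation and once with escaping, and the approach a practitioner should prefer, binding the value as a parameter so the driver never lets it touch the SQL text. The real C function is charset-aware (that is the "real" in its name) and works on bytes; this version ignores charsets and exists only to show which characters change and how. sqlite3 stands in for a MySQL connection so the block runs offline; the table, rows and the constructed input are all made up here.

```python
import sqlite3

# The seven characters mysql_real_escape_string() rewrites, with the replacement
# each one receives: NUL becomes \0, Ctrl-Z becomes \Z, the rest get a backslash.
# Illustrative re-implementation, not MySQL's own charset-aware routine.
_ESCAPES = {
    "\x00": "\\0",
    "\n": "\\n",
    "\r": "\\r",
    "\\": "\\\\",
    "'": "\\'",
    '"': '\\"',
    "\x1a": "\\Z",
}


def mysql_escape(value: str) -> str:
    """Escape a string the way mysql_real_escape_string() does (ASCII-compatible charsets only)."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_query_unsafe(name: str) -> str:
    """Hypothetical vulnerable builder: the value is pasted straight into the SQL text."""
    return f"SELECT id FROM user WHERE name = '{name}'"


def build_query_escaped(name: str) -> str:
    """Same builder with the value escaped first: the quote in the input can no longer close the literal."""
    return f"SELECT id FROM user WHERE name = '{mysql_escape(name)}'"


# Constructed input containing a single quote, the classic character that breaks a string literal.
CONSTRUCTED_INPUT = "admin' OR '1'='1"


def lookup_parameterised(name: str) -> list:
    """Preferred approach: bind the value as a parameter. sqlite3 stands in for MySQL here."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO user (name) VALUES (?)", [("admin",), ("alice",)])
    # The driver sends `name` as data, so the whole string is compared literally.
    rows = conn.execute("SELECT id FROM user WHERE name = ?", (name,)).fetchall()
    conn.close()
    return [row[0] for row in rows]


if __name__ == "__main__":
    print(build_query_unsafe(CONSTRUCTED_INPUT))    # the literal ends early: two conditions
    print(build_query_escaped(CONSTRUCTED_INPUT))   # one literal, quote escaped as \'
    print(lookup_parameterised(CONSTRUCTED_INPUT))  # [] : no row has that exact name
    print(lookup_parameterised("admin"))            # [1]
```

Escaping only protects a value that is placed inside a quoted literal; a number or identifier interpolated without quotes is not helped by it, which is one more reason to prefer the parameterised form.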
Querying MySQL version information:
1. Using the mysql -V command
C:\mysql\bin>mysql -V
mysql Ver 12.22 Distrib 4.0.18, for Win95/Win98 (i32)
2. Using the status command inside the mysql shell
mysql> status
--------------
mysql Ver 12.22 Distrib 4.0.18, for Win95/Win98 (i32)
Connection id: ......
Environment:
Operating system: WIN2003
MySQL: mysql Ver 12.22 Distrib 4.0.18, for Win95/Win98 (i32)
Idea:
For security, passwords must be set for the users of the MySQL database;
MySQL passwords are all stored in the password column of the user table in the mysql database, encrypted with the PASSWORD("") function before being saved;
So to change a user's password you only ......
For example:
insert into User values(x1,x2,x3,x4),(x1,x2,x3,x4),(x1,x2,x3,x4)
With this form, the number of values must match the number of columns in the table, that is, every column has to be supplied.
If column x1 of this user table is an auto-increment column, null should be supplied as a placeholder:
insert into User values(null,x2,x3,x4),(null,x2,x3,x4),(null,x2,x3,x4)
Otherwise an error is raised. ......
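As an added example (mine, not from the original post), the multi-row INSERT above carried through in code: a constructed four-column user table whose x1 is an auto-assigned key, the failing form that leaves x1 out of the value lists, the NULL-placeholder form the text recommends, and, going one step beyond the text, the column-list form that makes the same insert work without a placeholder. sqlite3 stands in for MySQL here; its INTEGER PRIMARY KEY plays the role of MySQL's AUTO_INCREMENT, and the error text for the mismatch is SQLite's, not MySQL's.

```python
import sqlite3


def make_conn() -> sqlite3.Connection:
    """Constructed table: x1 is auto-assigned (SQLite INTEGER PRIMARY KEY, standing in for AUTO_INCREMENT)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (x1 INTEGER PRIMARY KEY, x2 TEXT, x3 TEXT, x4 TEXT)")
    return conn


def insert_without_placeholder(conn: sqlite3.Connection) -> str:
    """The failing form: three values per row for a four-column table, x1 simply omitted."""
    try:
        conn.execute("INSERT INTO user VALUES ('b','c','d'), ('e','f','g'), ('h','i','j')")
        return "ok"
    except sqlite3.OperationalError as exc:  # column/value count mismatch
        return f"error: {exc}"


def insert_with_null(conn: sqlite3.Connection) -> list:
    """The form the text recommends: NULL holds x1's place and the engine assigns the key."""
    conn.execute(
        "INSERT INTO user VALUES (NULL,'b','c','d'), (NULL,'e','f','g'), (NULL,'h','i','j')"
    )
    return [row[0] for row in conn.execute("SELECT x1 FROM user ORDER BY x1")]


def insert_with_column_list(conn: sqlite3.Connection) -> list:
    """Alternative: name the columns, so x1 need not appear in the value lists at all."""
    conn.execute("INSERT INTO user (x2, x3, x4) VALUES ('k','l','m'), ('n','o','p')")
    return [row[0] for row in conn.execute("SELECT x1 FROM user ORDER BY x1")]


if __name__ == "__main__":
    c = make_conn()
    print(insert_without_placeholder(c))  # error: table user has 4 columns but 3 values were supplied
    print(insert_with_null(c))            # [1, 2, 3]
    print(insert_with_column_list(c))     # [1, 2, 3, 4, 5]
```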