Ò׽ؽØͼÈí¼þ¡¢µ¥Îļþ¡¢Ãâ°²×°¡¢´¿ÂÌÉ«¡¢½ö160KB

php¶Ôsql injectionµÄ·À·¶

¶Ôhttp request¹ýÀ´µÄÊý¾Ý£¬·²ÊǺ¬Óе¥ÒýºÅ£¬Ë«ÒýºÅ£¬·´Ð±Ïߵȶ¼½øÐмÓбÏß´¦Àí¡£·ÀÖ¹½øÐÐ×¢Èë²Ù×÷¡£
/*
¶ÂSQL©¶´
*/
function quotes($content){

//Èç¹ûmagic_quotes_gpc=Off£¬ÄÇô¾Í¿ªÊ¼´¦Àí
if (!get_magic_quotes_gpc()) {
//ÅжÏ$contentÊÇ·ñΪÊý×é
if (is_array($content)) {
//Èç¹û$contentÊÇÊý×飬ÄÇô¾Í´¦ÀíËüµÄÿһ¸öµ¥ÎÞ
foreach ($content as $key=>$value) {
$content[$key] = mysql_real_escape_string($value);
}
} else {
//Èç¹û$content²»ÊÇÊý×飬ÄÇô¾Í½ö´¦ÀíÒ»´Î
$content = mysql_real_escape_string($content);
}

}
//·µ»Ø$content
return $content;
}
µ±´«µÝ¹ýÀ´µÄ²ÎÊýÊÇÒ»¸öidµÄ»°¡£ÄÇôÎÒÃÇ¿ÉÒÔÖ±½ÓÓà $id = intval($_GET('id'));½øÐÐintÐÍ´¦Àí£¨ÓÃsettypeÒ²ÐУ©¡£
ÍøÉÏÒ²ÓÐÈËÊǶÔÆä¹Ø¼ü×Ö¹ýÂ˽øÐд¦ÀíµÄ£¬È磺
function inject_check($sql_str){
return eregi('select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile', $sql_str); // ½øÐйýÂË
}
ÎÒ¾õµÃ´Ë·½·¨²»¿ÉÈ¡ÊÇÒòΪÎÒÔÚÒ»¸ö´óµÄÊäÈë¿òÀïPOST¹ýÀ´µÄÊý¾Ý»ò¶à»òÉÙ¶¼°üº¬ÕâЩ¹Ø¼ü×Ö£¬ÄѵÀɱһÙÓ°Ù£¿ËäÈ»ÕâÑù¸ü°²È«£¬µ«²»·½±ã¡£
ËùÒÔÎÒ²ÉÓÃÉÏÒ»¸ö·½·¨£¬Èç¹ûÉÏÒ»¸ö·½·¨ÓÐÉÏÃæ²»ºÃÖ®´¦»òÕßÒÉÎÊ£¬¿ÉÒÔÁôÑÔÌÖÂÛ¡££º£©


Ïà¹ØÎĵµ£º

³õѧPHPµÄ18¸ö»ù´¡Àý³Ì

 
ÈçºÎ´´½¨ÎÒÃǵĵÚÒ»¸öPHPÒ³ÃæÄØ£¿·Ç³£¼òµ¥µÄ£¡Ñ¡ÔñÎÒÃÇʹÓõÄÒ»¸ö×îºÃµÄÉè¼Æ¹¤¾ß£¬µ±È»ÄãÒ²¿ÉÒÔ Ö»Ê¹ÓüÇʱ¾¡£´´½¨Ö®ºó¼ÇµÃÒª±£´æΪÀ©Õ¹ÃûΪPHPµÄÎļþ£¬È»ºó´«µ½ÎÒÃǵķþÎñÆ÷
ÉÏ¡£
¡¡¡¡ÔÚ±àдPHP³ÌÐò֮ǰͨ³£ÎÒÃÇÐèÒªÅäÖÃÎÒÃǵĻ·¾³£¬Ò²¾ÍÊÇ˵·þÎñÆ÷
ÒªÖ§³ÖPHP²ÅÄÜÐа¡
¡¡¡¡Ò»¡¢PHPµÄ»ù±¾½á¹¹£º
¡¡¡¡Ê¹ÓÃIncl ......

PHP×Ô¶¯×ª»»×ªÒå×Ö·û

ÔÚphp.iniÎļþÖÐmagic_quotes_gpc = on   ---- Ò»°ãÇé¿öÏÂÊÇon£¬ÅÂÓû§Íü¼ÇתÒåijЩÌØÊâ×Ö·û¡£
Òò´Ë£¬ÒªÅжϵ±Ç°phpµÄÅäÖÃҪȡµÃÎÒÃÇÏëÒªµÄÄÚÈÝ¡£
$gpc=get_magic_quotes_gpc();     ----·µ»Ø1,magic_quotes_gpc = on£¬0Ϊoff
if ($gpc==1){
     $json=s ......

ʹÓà PHPnow ´î½¨ PHP »·¾³[ͼ]

 ´î½¨ PHP Æäʵ²»ºÜÄÑ£¬Ö»ÊÇÓе㷱Ëö¡£ÒªÊÇ×Ô¼º´î½¨Ò»´Î PHP + MySQL »·¾³ºÜÊÇ·Ñʱ¡£¸üÔãµÄÊÇ£¬ºÜ¶àÐÂÊÖÔÚÅäÖà PHP
ʱ³£³£³öÏÖÕâÑùÄÇÑùµÄÎÊÌâ¡£ÖîÈç mysql À©Õ¹¡¢zend °²×°Ê§°ÜµÈµÈÎÊÌâ¡£Õâʱ£¬ÎÒÃÇÐèÒªÒ»¸ö¿ìËÙ¡¢±ê×¼ÇÒרҵµÄ PHP
Ì×¼þ°ü¡£PHPnow ¾ÍÕâÑùÓ¦Ô˶øÉú£¬ÎªÄã¿ìËٴרҵµÄÐéÄâÖ÷»ú¡£
Óë PHPnow µÄÃû×ÖÒ ......

50¸ö³£ÓÃsqlÓï¾ä

Student(S#,Sname,Sage,Ssex) ѧÉú±í
Course(C#,Cname,T#) ¿Î³Ì±í
SC(S#,C#,score) ³É¼¨±í
Teacher(T#,Tname) ½Ìʦ±í
ÎÊÌ⣺
1¡¢²éѯ“001”¿Î³Ì±È“002”¿Î³Ì³É¼¨¸ßµÄËùÓÐѧÉúµÄѧºÅ£»
  select a.S# from (select s#,score from SC where C#='001') a,(select s#,score
  fr ......

¹ØÓÚSQLÓï¾ä

½ñÌìдÍøÕ¾µÄʱºòºÜ囧°¡£¬·¢ÏÖ²éÕÒÓû§È¨ÏÞµÄʱºòÎÞÔµÎ޹ʵÄͬһ¸öȨÏÞÖظ´³öÏֺܶà´Î
Ð޸ĺóµÄSQLÓï¾äÈçÏÂ
SELECT
node
.
id
,
node
.
name
,
access
.
role_id
from
think_role_user
AS
user
,
think_access
AS
access
,
think_node
AS
node
WHERE
user
.
user_id
=
......
© 2009 ej38.com All Rights Reserved. ¹ØÓÚE½¡ÍøÁªÏµÎÒÃÇ | Õ¾µãµØͼ | ¸ÓICP±¸09004571ºÅ