ÔÚPHPÖÐÈ«Ãæ×èÖ¹SQL×¢Èëʽ¹¥»÷Ö®¶þ

Ò»¡¢ ×¢Èëʽ¹¥»÷µÄÀàÐÍ
¡¡¡¡¿ÉÄÜ´æÔÚÐí¶à²»Í¬ÀàÐ͵Ĺ¥»÷¶¯»ú£¬µ«ÊÇÕ§¿´ÉÏÈ¥£¬Ëƺõ´æÔÚ¸ü¶àµÄÀàÐÍ¡£ÕâÊǷdz£ÕæʵµÄ-Èç¹û¶ñÒâÓû§·¢ÏÖÁËÒ»¸öÄܹ»Ö´Ðжà¸ö²éѯµÄ°ì·¨µÄ»°¡£±¾ÎĺóÃ棬ÎÒÃÇ»á¶Ô´Ë×÷ÏêϸÌÖÂÛ¡£
¡¡¡¡Èç¹ûÄãµÄ½Å±¾ÕýÔÚÖ´ÐÐÒ»¸öSELECTÖ¸ÁÄÇô£¬¹¥»÷Õß¿ÉÒÔÇ¿ÆÈÏÔʾһ¸ö±í¸ñÖеÄÿһÐмǼ-ͨ¹ý°ÑÒ»¸öÀýÈç"1=1"ÕâÑùµÄÌõ¼þ×¢Èëµ½WHERE×Ó¾äÖУ¬ÈçÏÂËùʾ(ÆäÖУ¬×¢È벿·ÖÒÔ´ÖÌåÏÔʾ)£º
SELECT * from wines WHERE variety = 'lagrein' OR 1=1;'
¡¡¡¡ÕýÈçÎÒÃÇÔÚÇ°ÃæËùÌÖÂ۵ģ¬Õâ±¾Éí¿ÉÄÜÊǺÜÓÐÓõÄÐÅÏ¢£¬ÒòΪËü½ÒʾÁ˸ñí¸ñµÄÒ»°ã½á¹¹(ÕâÊÇÒ»ÌõÆÕͨµÄ¼Ç¼Ëù²»ÄÜʵÏÖµÄ)£¬ÒÔ¼°Ç±ÔÚµØÏÔʾ°üº¬»úÃÜÐÅÏ¢µÄ¼Ç¼¡£
¡¡¡¡Ò»Ìõ¸üÐÂÖ¸ÁîDZÔڵؾßÓиüÖ±½ÓµÄÍþв¡£Í¨¹ý°ÑÆäËüÊôÐԷŵ½SET×Ó¾äÖУ¬Ò»Ãû¹¥»÷Õß¿ÉÒÔÐ޸ĵ±Ç°±»¸üеļǼÖеÄÈκÎ×ֶΣ¬ÀýÈçÏÂÃæµÄÀý×Ó£¨ÆäÖУ¬×¢È벿·ÖÒÔ´ÖÌåÏÔʾ£©£º
UPDATE wines SET type='red'£¬'vintage'='9999' WHERE variety = 'lagrein'
¡¡¡¡Í¨¹ý°ÑÒ»¸öÀýÈç1=1ÕâÑùµÄºãÕæÌõ¼þÌí¼Óµ½Ò»Ìõ¸üÐÂÖ¸ÁîµÄWHERE×Ó¾äÖУ¬ÕâÖÖÐ޸ķ¶Î§¿ÉÒÔÀ©Õ¹µ½Ã¿Ò»Ìõ¼Ç¼£¬ÀýÈçÏÂÃæµÄÀý×Ó£¨ÆäÖУ¬×¢È벿·ÖÒÔ´ÖÌåÏÔʾ£©£º
UPDATE wines SET type='red'£¬'vintage'='9999 WHERE variety = 'lagrein' OR 1=1;'
¡¡¡¡×îΣÏÕµÄÖ¸Áî¿ÉÄÜÊÇDELETE-ÕâÊDz»ÄÑÏëÏñµÄ¡£Æä×¢Èë¼¼ÊõÓëÎÒÃÇÒѾ­¿´µ½µÄÏàͬ-ͨ¹ýÐÞ¸ÄWHERE×Ó¾äÀ´À©Õ¹ÊÜÓ°ÏìµÄ¼Ç¼µÄ·¶Î§£¬ÀýÈçÏÂÃæµÄÀý×Ó£¨ÆäÖУ¬×¢È벿·ÖÒÔ´ÖÌåÏÔʾ£©£º
DELETE from wines WHERE variety = 'lagrein' OR 1=1;'
¡¡¡¡¶þ¡¢ ¶à¸ö²éѯעÈë
¡¡¡¡¶à¸ö²éѯעÈ뽫»á¼Ó¾çÒ»¸ö¹¥»÷Õß¿ÉÄÜÒýÆðµÄDZÔÚµÄËð»µ-ͨ¹ýÔÊÐí¶àÌõÆÆ»µÐÔÖ¸Áî°üÀ¨ÔÚÒ»¸ö²éѯÖС£ÔÚʹÓÃMySQLÊý¾Ý¿âʱ£¬¹¥»÷Õßͨ¹ý°ÑÒ»¸ö³öºõÒâÁÏÖ®ÍâµÄÖÕÖ¹·û²åÈëµ½²éѯÖм´¿ÉºÜÈÝÒ×ʵÏÖÕâÒ»µã-´Ëʱһ¸ö×¢ÈëµÄÒýºÅ(µ¥ÒýºÅ»òË«ÒýºÅ)±ê¼ÇÆÚÍû±äÁ¿µÄ½áβ£»È»ºóʹÓÃÒ»¸ö·ÖºÅÖÕÖ¹¸ÃÖ¸Áî¡£ÏÖÔÚ£¬Ò»¸öÁíÍâµÄ¹¥»÷Ö¸Áî¿ÉÄܱ»Ìí¼Óµ½ÏÖÔÚÖÕÖ¹µÄԭʼָÁîµÄ½áβ¡£×îÖÕµÄÆÆ»µÐÔ²éѯ¿ÉÄÜ¿´ÆðÀ´ÈçÏÂËùʾ£º
SELECT * from wines WHERE variety = 'lagrein';
GRANT ALL ON *.* TO 'BadGuy@%' IDENTIFIED BY 'gotcha';'
¡¡¡¡Õâ¸ö×¢È뽫´´½¨Ò»¸öеÄÓû§BadGuy²¢¸³ÓèÆäÍøÂçÌØȨ£¨ÔÚËùÓеıí¸ñÉϾßÓÐËùÓеÄÌØȨ£©£»ÆäÖУ¬»¹ÓÐÒ»¸ö"²»Ïé"µÄ¿ÚÁî±»¼ÓÈëµ½Õâ¸ö¼òµ¥µÄSELECTÓï¾äÖС£Èç¹ûÄã×ñÑ­ÎÒÃÇÔÚÒÔÇ°ÎÄÕÂÖеĽ¨Ò飭ÑϸñÏÞÖƸùý³ÌÓû§µÄÌØȨ£¬ÄÇô£¬ÕâÓ¦¸ÃÎÞ·¨¹¤×÷£¬ÒòΪweb·þÎñÆ÷ÊØ»¤³ÌÐò²