安全性 - SQL

Question

嘿,下面是一个处理登录脚本的页面,我想知道我是否已经安装了任何安全漏洞.我一直在阅读有关防止注射和其他人的文章,并希望确保我的代码是安全的.

它是通过ajax提交的,并根据登录是否正确返回JSON.

<?php
ob_start();
session_start();
include ("config.inc.php");
include ("jsonEncode.php");

// ausername and apassword sent from form
$ausername = '';
$apassword = '';
$ausername = mysql_real_escape_string(stripslashes($_GET['username']));
$apassword = mysql_real_escape_string(stripslashes($_GET['password']));

$sql    = "SELECT * FROM admin WHERE ausername='$ausername' AND apassword='$apassword' LIMIT 1";
$result = mysql_query($sql) or die(mysql_error());

$data   = mysql_fetch_array($result);
$count  = mysql_num_rows($result);

if($count==1){
    $_SESSION['ausername'] = $ausername;
    $_SESSION['apassword'] = $apassword;
    $_SESSION['admin_id']  = $data['a_id'];
    $a_id = $data['a_id'];
    $_SESSION['LastLogin'] = $data['last_login'];
    $query = "UPDATE admin SET last_login = Now() WHERE `a_id`= $a_id";
    mysql_query($query);
    //echo $query;
    $_SESSION['aloggedin'] = "1234";
    // valid
    $var = array('avalid' => 1, 'ausername' => $ausername, 'apassword' => $apassword);
    print php_json_encode($var);
}else{
    // invalid
    $var = array('avalid' => 0, 'ausername' => $ausername, 'apassword' => $apassword);
    print php_json_encode($var);
}
?>

Answer 1

您可能希望使用POST方法而不是GET与登录表单,否则他们的密码将显示在URL中,并且URL不是非常安全(例如,它们可能被标记为书签或作为引用URL发送到另一个服务器).