这个PHP代码有多危险?
这个PHP代码有多危险?可以做些什么呢?
$name = $_POST["user"];
$pwd = $_POST["pwd"];
$query = "SELECT name,pwd FROM users WHERE name = '$name' AND pwd = '$pwd'";
Jer*_*iah 24
可能的问题:
- SQL注入
- XSS注入(如果此代码是插入查询,那将是一个明确的问题)
- 纯文本密码
您的SQL语句可能会有问题.为SQL注入开放是不好的做法.
SQL注入很糟糕.相信我.
如果你想在HTML页面上显示$ user,那么你可能不想让人们通过键入命令来"破解"你的布局
<H1>HI MOM</H1>
或者一堆javascript.
此外,永远不要以明文形式存储您的密码(好抓住cagcowboy!).它为管理(或黑客入侵)数据库的人提供了太多的权力.你永远不需要知道别人的密码.
尝试这样的策略:
// mostly pulled from http://snippets.dzone.com/posts/show/2738
function MakeSafe($unsafestring)
{
$unsafestring= htmlentities($unsafestring, ENT_QUOTES);
if (get_magic_quotes_gpc())
{
$unsafestring= stripslashes($unsafestring);
}
$unsafestring= mysql_real_escape_string(trim($unsafestring));
$unsafestring= strip_tags($unsafestring);
$unsafestring= str_replace("\r\n", "", $unsafestring);
return $unsafestring;
}
// Call a function to make sure the variables you are
// pulling in are not able to inject sql into your
// sql statement causing massive doom and destruction.
$name = MakeSafe( $_POST["user"] );
$pwd = MakeSafe( $_POST["pwd"] );
// As suggested by cagcowboy:
// You should NEVER store passwords decrypted.
// Ever.
// sha1 creates a hash of your password
// pack helps to shrink your hash
// base64_encode turns it into base64
$pwd = base64_encode(pack("H*",sha1($pwd)))
| 归档时间: |
|
| 查看次数: |
2100 次 |
| 最近记录: |