Php 为什么可以';这不是SQL注入吗?
我必须制作一个可以SQL注入的应用程序,但我不能使SQL注入成为可能。我想尽一切办法把它注入SQL,但没有成功。可以像Php 为什么可以';这不是SQL注入吗?,php,sql-injection,Php,Sql Injection,我必须制作一个可以SQL注入的应用程序,但我不能使SQL注入成为可能。我想尽一切办法把它注入SQL,但没有成功。可以像admin'#那样编写用户名,因为这样会注释掉行 我希望你能帮助我。你可以看到我的代码就在下面 <?php include('include/config.php'); include('parts/header.php'); $submit = $_POST['submit']; $username = $_POST['username'
admin'#
那样编写用户名,因为这样会注释掉行
我希望你能帮助我。你可以看到我的代码就在下面
<?php
include('include/config.php');
include('parts/header.php');
$submit = $_POST['submit'];
$username = $_POST['username'];
$password = $_POST['password'];
if ($submit) {
if(!empty($username OR !empty($password))) {
$sqlQuery = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password'");
if(mysql_num_rows($sqlQuery) == 1) {
// Success - admin'#
echo "LOGGEDIN";
$_SESSION['loggedin'] = 1;
}
else {
echo "Wrong password or username";
}
}
else {
echo "You didn't fill every field.";
}
}
?>
<div id="container">
<form action="login.php" method="POST">
<input type="text" name="username" placeholder="Type user name...">
<input type="password" name="password" placeholder="Type password...">
<input type="submit" name="submit" value="Log in">
</form>
</div>
您可以使用mysql\u real\u escape\u string
函数使变量安全:
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
这是托管在某个实时站点上的吗?你的情况使它总是错误的。你尝试注入了什么?它不在任何地方,我是本地的。情况很好。可以登录。@KevinSteenHansen最终获得一个解决方案。我的任务是创建一个不安全的应用程序,但我的代码不能被sql注入:/n您需要使用htmlspecialchars()或strip_tags()。第一个将像<这样的特殊字符转换为将显示为检查此链接认为您误解了我。我必须做一个不安全的登录。这将帮助您从sql注入。添加此scriptDoenst work:/后,请尝试0=0方法。它给了我错误的密码语句。是否检查了链接?这将确实影响引号从查询字符串中消失的位置?是的,如果用户名在引号中,这将如何注入任何内容?
<?php
include('include/config.php');
include('parts/header.php');
$submit = $_POST['submit'];
$username = (int)$_POST['username'];
$password =(int)$_POST['password'];
if ($submit) {
if(!empty($username OR !empty($password))) {
$sqlQuery="SELECT * FROM users WHERE user_login = '$username' AND password = '$password'";
//SELECT * FROM `wp_users` WHERE `user_login`='1' OR '1' = '1' AND `user_pass`='1' OR '1' = '1'
//$sqlQuery = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password'");
echo $sqlQuery;
exit;
if(mysql_num_rows($sqlQuery) == 1) {
// Success - admin'#
echo "LOGGEDIN";
$_SESSION['loggedin'] = 1;
} else {
echo "Wrong password or username";
}
} else {
echo "You didn't fill every field.";
}
}
?>
<div id="container">
<form method="POST">
<input type="text" name="username" placeholder="Indtast brugernavn..">
<input type="password" name="password" placeholder="Indtast kodeord..">
<input type="submit" name="submit" value="Log ind">
</form>
</div>
SELECT * FROM wp_users WHERE user_login = '7' AND user_pass = '7'