gpt4 book ai didi

php - mysql_real_escape_string 不够好?

转载 作者:行者123 更新时间:2023-11-29 07:09:40 26 4
gpt4 key购买 nike

因此,即使使用 mysql_real_escape_string 清理数据,您也可以使用 %27 进行 SQL 注入(inject)

%27) SQL INJECTION HERE %2F*

怎么办?

用例子编辑:

$sql = sprintf("SELECT *, MATCH(post) AGAINST ('%s*' IN BOOLEAN MODE) AS score FROM Posts WHERE MATCH(post) AGAINST('%s*' IN BOOLEAN MODE)",
mysql_real_escape_string($_GET['searchterm']),
mysql_real_escape_string($_GET['searchterm']));

$results = $db->queryAsArray($sql);

如果您将 %27) SQL INJECTION HERE %2F* 传递给 searchterm 查询字符串,我会在页面上输出:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'BOOLEAN MODE)' at line 1

感谢大家在 db 类中发现问题..

最佳答案

从方法名queryAsArray推理,好像你用的是this DbBase class from the comments of the MySQL functions manual page .如果是这样,它是从转义引号中删除转义字符的 query 方法:

function query($sql, &$records = null){
$sql = str_replace(array('\\"', "\\'"), array('"', "'"), $sql);
// …
}

那么你的例子能运行就不是奇迹了(我简化了它):

$input = "', BAD SQL INJECTION --";

$sql = "SELECT '".mysql_real_escape_string($input)."'";
var_dump($sql); // string(33) "SELECT '\', BAD SQL INJECTION --'"
// everything’s OK ↑

$sql = str_replace(array('\\"', "\\'"), array('"', "'"), $sql);
var_dump($sql); // string(32) "SELECT '', BAD SQL INJECTION --'"
// Oops! ↑

关于php - mysql_real_escape_string 不够好?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/5304424/

26 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com