Jimbor’s wORLD

aLL i kNOW iS tHAT i kNOW nOTHING

Contact

Browsing the archives for the filter tag.

Tag Cloud

陕西骑 part 公交 Shea Frederick min-width Charles River Media Personalized Search foxmail 换行 Dan Wellman Function CNNIC 复旦大学 table Firefox JavaScript transform tabindex 方案 Guy W. Lecky-Thompson 关键字语义化 Apress Packt Web Mining 搜藏 O'Reilly textContent 追求 smarty symbol design patterns 软件搬家 editor 丁丁地图 msitran DIV+CSS 忽悠歪酷褚静波 Mozilla Fudan 相册
Recent Posts
Recent Bookmarks
Recent Comments
Admin
- Log in

PHP的数据过滤

Jun 28, 2009

Web开发

先举一个简单的PHP防注入的例子。假设有一段用户登录的验证代码：

<?php
$user = $_POST['username'];
$pass= $_POST['password'];
$result = "SELECT * FROM users WHERE name = '$user' AND password = '$password'";
if($row = mysql_fetch_assoc($result)) {
  //authenticated
}
?>

此时坏蛋用户只要输入下面的用户名和密码：

$user = "Dantago !Noabes";
$pass = "x' OR 'a'='a";

Continue Reading »

No Comments

filter, PHP, SQL注入, 过滤

About this blog

I am a developer and designer
more »
Ad
Categories
- .Net
- UI/UE
- Web开发
- Web新事
- 书籍资料
- 我的工具
- 所感所想
- 所见所闻
- 搜索引擎
- 静欣语录
Archives
Blogroll

Jimbor’s wORLD

Tag Cloud

Recent Posts

Recent Bookmarks

Recent Comments

Admin

PHP的数据过滤

About this blog

Search

Ad

Categories

Archives

Blogroll