mysql防SQL注入搜集

Posted 雨落知音

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了mysql防SQL注入搜集相关的知识,希望对你有一定的参考价值。

SQL注入

例:脚本逻辑

$sql = “SELECT * FROM user WHERE userid = $_GET[userid] “;

案例1:SELECT * FROM t WHERE a LIKE ‘%xxx%’ OR (IF(NOW=SYSDATE(), SLEEP(5), 1)) OR b LIKE ‘1=1 ‘;

 案例2:SELECT * FROM t WHERE a > 0 AND b IN(497 AND (SELECT * FROM (SELECT(SLEEP(20)))a) );

 案例3:SELECT * FROM t WHERE a=1 and b in (1234 ,(SELECT (CASE WHEN (5=5) THEN SLEEP(5) ELSE 5*(SELECT 5 FROM INFORMATION_SCHEMA.CHARACTER_SETS) END)) );

监控以下方法
SLEEP() — 一般的SQL盲注都会伴随SLEEP()函数出现,而且一般至少SLEEP 5秒以上
MID()
CHAR()
ORD()
SYSDATE()
SUBSTRING()
DATABASES()
SCHEMA()
USER()
VERSION()
CURRENT_USER()
LOAD_FILE()
OUTFILE/DUMPFILE
INFORMATION_SCHEMA
TABLE_NAME
fwrite()/fopen()/file_get_contents() — 这几个是php文件操作函数

 

应对方法:

1.mysql_real_escape_string() 转义特殊字符((PHP 4 >= 4.3.0, PHP 5))

下列字符受影响:
\x00 //对应于ascii字符的NULL
\n  //换行符且回到下一行的最前端
\r //换行符
\ //转义符
‘ 
"
\x1a  //16进制数
如果成功,则该函数返回被转义的字符串。如果失败,则返回 false

2.addslashes(): 函数返回在预定义字符之前添加反斜杠的字符串

预定义的字符有:
    单引号(
    双引号("
    反斜杠(\)
    NULL

3.prepared  statements(预处理机制)

<?php
$mysqli = new mysqli("example.com", "user", "password", "database");
if ($mysqli->connect_errno) {
    echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
}

/* Non-prepared statement */
if (!$mysqli->query("DROP TABLE IF EXISTS test") || !$mysqli->query("CREATE TABLE test(id INT)")) {
    echo "Table creation failed: (" . $mysqli->errno . ") " . $mysqli->error;
}

/* Prepared statement, stage 1: prepare */
if (!($stmt = $mysqli->prepare("INSERT INTO test(id) VALUES (?)"))) {
    echo "Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error;
}
/* Prepared statement, stage 2: bind and execute */
$id = 1;
if (!$stmt->bind_param("i", $id)) {
    echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
}

if (!$stmt->execute()) {
    echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
}
?>

 

以上是关于mysql防SQL注入搜集的主要内容,如果未能解决你的问题,请参考以下文章

python大法好——mysql防注入

PHP mysql_real_escape_string() 函数防SQL注入

mysql绑定参数bind_param原理以及防SQL注入

sqlalchemy防sql注入

node sql语句占位符用法(防sql注入攻击)

求ASP防SQL注入的登录验证代码