Simply put, SQL injection is to use code vulnerabilities to obtain data in the SQL database in the background of websites or applications, and then gain access to the database. For example, hackers can take advantage of loopholes in the website code and use SQL injection to obtain all the data information in the background database of a company's website. Hackers can modify the contents of the database at will or even delete the database after obtaining the login user name and password of the database administrator. SQL injection can also be used to check the security of websites or applications. There are many ways to inject SQL, but this article only discusses the most basic principles. Let's take PHP and MySQL as examples. The example in this article is very simple. If you use other languages, it is not difficult to understand. Focus only on SQL commands.
A simple SQL injection attack case
If we have a company website, all important information such as customer information is stored in the background database of the website. If there is such a command to read user information in the code of the website login page.
$q = "Select' id' from' users', where' username`='. $_GET['username']。 And' password' =' ". $_GET['password']。 ' "; ? & gt Now a hacker wants to attack your database. He will try to enter the following code in the user name input box of the login page:
; Display table;
Click the login key, and the page will display all the tables in the database. If he uses the following command now:
; Delete table [table name];
So he deleted a table!
Prevent SQL injection-use mysql_real_escape_string () function.
Use this function mysql_real_escape_string () in the code of database operation to filter out special characters in the code, such as quotation marks. For example:
$q = "Select' id' from' users', where' username`='. MySQL _ real _ escape _ string ($ _ get ['username']), "and `password` ='". MySQL _ real _ escape _ string($ _ GET[' password '])。" ' "; ? & gt prevent SQL injection-use mysql_query () function.
In particular, mysql_query () will only execute the first article of sql code, and the rest will not be executed. Recall that in the previous example, the hacker executed several SQL commands in the background through the code example, displaying the names of all tables. Therefore, the mysql_query () function can achieve further protection. We further developed the code just now and got the following code:
//connection
$ database = MySQL _ connect ("localhost", "username", "password");
//Database selection
$ q = MySQL _ query(" SELECT ` id ` FROM ` users ` WHERE ` username `= '"。 MySQL _ real _ escape _ string ($ _ get ['username']), "and `password` ='". MySQL _ real _ escape _ string($ _ GET[' password '])。 "",$ database); ? & gt In addition, we can judge the length of the input value in PHP code, or use functions to check the input value. Therefore, the input must be filtered and checked where the user input value is accepted. Of course, it is also important to learn and understand the latest SQL injection methods, so as to achieve targeted prevention. If you use platform-based website systems such as Wordpress, you should pay attention to official patches or upgrade to a new version in time.