login.php很脆弱。
但我无法了解如何逃脱输入:
$salt = '78sdjs86d2h';
$username = mysqli_real_escape_string($DB_H, addslashes($_POST['username']));
$password = mysqli_real_escape_string($DB_H, addslashes($_POST['password']));
$hash1 = hash('sha256', $password . $salt);
$hash = strtoupper($hash1);
$check = mysqli_query($DB_H, "SELECT * FROM players WHERE Name='$username' && Password = '$hash'");
if(mysqli_num_rows($check) != 0)
答案 0 :(得分:2)
除非您使用的是some peculiar encoding,否则您发布的代码虽然没有意义,但对于SQL注入来说是无法攻击。它宁愿不让一个诚实的用户登录,但是没有办法通过SQL注入破解它。
此漏洞属于另一种类型,例如XSS。
答案 1 :(得分:2)
最好使用prepare语句来避免sql注入。例如
$check = mysqli_query($DB_H, "SELECT * FROM players WHERE Name='$username' && Password = '$hash'")
像这样使用
$check = $DB_H->prepare("SELECT * FROM players WHERE Name=? && Password = ?")
$check->bind_param('ss',$username,$hash);
$check->execute();
答案 2 :(得分:0)
用此测试:
$sHost = 'localhost';
$sDb = 'test';
$sUser = 'user';
$sPassword = 'password';
$oDb = new PDO("mysql:host={$sHost};dbname={$sDb}", $sUser, $sPassword);
$salt = '78sdjs86d2h';
$username = $_POST['username'];
$password = $_POST['password'];
$hash1 = hash('sha256', $password . $salt);
$hash = strtoupper($hash1);
$sSql = 'SELECT * FROM players WHERE Name = :username AND Password = :password';
$oStmt = $oDb->prepare($sSql);
$oStmt->bindParam(':username', $username, PDO::PARAM_STR);
$oStmt->bindParam(':password', $hash, PDO::PARAM_STR);
if($oStmt->execute()){
$oRow = $oStmt->fetch(PDO::FETCH_OBJ);
if(false === $oRow){
echo 'User or password not valid';
} else {
echo 'Uer and password valid!!!';
}
} else {
echo 'Error';
}
答案 3 :(得分:-1)
而不是使用这些mysqli函数来使用PDO语句。这是参考
PHP PDO Documentation