我试图理解SQL注入是如何完全工作的,以便将这些信息反馈给我的一些学生。我创建了一个附有小型SQL数据库的简单网页,希望我的学生能够尝试进入"该网站并在欢迎页面上获取令牌。
但是,我使用(w3schools)创建登录页面的资源只向我显示了一个安全的网页,而且我不知道如何解析它以使登录页面容易受到SQL注入。
到目前为止,我在网页上的代码如下(仅剥离HTML的基本部分!)
<?php
include("conf.php");
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST") {
$myusername = mysqli_real_escape_string($db,$_POST['username']); //get username and password from form
$mypassword = mysqli_real_escape_string($db,$_POST['password']);
$sql = "SELECT * FROM admin WHERE username = '$myusername' and password = '$mypassword'"; //sql query - IF username AND password match what is in the database
$result = mysqli_query($db,$sql);
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
$active = $row['active'];
$count = mysqli_num_rows($result); //return the number of results - there should only be one!
if($count == 1) { //if there was 1 result, load the welcome page
$_SESSION['username'] = $myusername;
header("location: welcome.php");
}else { //otherwise show an error
$error = "Your Login Name or Password is invalid";
}
}
?>
<html>
<center>
<form action = "" method = "post">
<label>UserName :</label><input type = "text" name = "username" class = "box"/><br /><br />
<label>Password :</label><input type = "password" name = "password" class = "box" /><br/><br />
<input type = "submit" value = " Submit "/><br />
</form>
</center>
</body>
</html>
我试图改变这条线:
$myusername = mysqli_real_escape_string($db,$_POST['username']);
到
$myusername = $_POST['username'];
因为我认为它被转义(mysqli_real_escape_string)并阻止任何额外字符输入文本框 - 这是正确的吗?
但那并没有做任何事情。任何帮助将不胜感激。