1. What is SQL injection?

SQL injection is an attack method in which SQL code is added to an input parameter and passed to the SQL server, which parses and executes it as part of the query.

2. How does it come about?

Web developers cannot guarantee that all input is sanitized.
The attacker constructs executable SQL code out of the input data sent to the SQL server.
The database is not configured securely.

3. How to find SQL injection vulnerabilities?

Identify all input points in the web application.
Understand which kinds of requests trigger exceptions (for example, special characters such as " or ').
Detect anomalies in the server's responses.

4. How is a SQL injection attack performed?

Numeric injection: the injected condition is always true, so every row is returned:
Select * from tablename where id=1 or 1=1;

String injection: this relies on MySQL's comment syntax. Everything after # or -- (followed by a space) is treated as a comment, so the rest of the query, including the password check, is discarded and the query succeeds no matter what password is entered.

5. How to prevent SQL injection?

Strictly check the input format: is_numeric(var), tp5 validate rules, or a regular expression that only accepts strings made of the characters [A-Za-z].
Escape: addslashes(str), or the mysqli_escape_string() function (an alias of mysqli_real_escape_string()), to escape special characters before they reach the query.

6. MySQLi's precompilation (prepared statement) mechanism: parameterized binding

Parameterized binding is another barrier against SQL injection. In PHP, both MySQLi and PDO provide this functionality: the SQL text is sent to the server with placeholders, and the parameter values are bound separately, so they are never parsed as SQL. MySQLi, for example, can run a query this way, and PDO is even more convenient.
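The following PHP is an added example written for this page; it is not code from the original article. It puts the input checks of section 5 and the parameter binding of section 6 side by side with the vulnerable concatenation pattern the article describes, so the difference is visible in one place. The table and column names (users, username, password, password_hash) and the connection details in the usage sketch are assumptions for illustration.

```php
<?php
// Added example (not from the original article): the same user lookup
// written as the vulnerable pattern, then with MySQLi and PDO bound parameters.
// Table/column names and connection details are assumptions.

declare(strict_types=1);

// --- Input checking (section 5): reject bad input before it reaches SQL ---

/** Numeric id: accept only a non-negative integer string such as "42". */
function validateId(string $raw): int
{
    // ctype_digit() is stricter than is_numeric(): it rejects "1e3", "0x1A", " 1", "1.0".
    if (!ctype_digit($raw)) {
        throw new InvalidArgumentException('id must be a non-negative integer');
    }
    return (int) $raw;
}

/** Username: letters only, as the article's [A-Za-z] check describes, with a length bound. */
function validateUsername(string $raw): string
{
    if (!preg_match('/\A[A-Za-z]{1,32}\z/', $raw)) {
        throw new InvalidArgumentException('username must be 1-32 ASCII letters');
    }
    return $raw;
}

// --- The vulnerable pattern: user input concatenated into the SQL text ---

function findUserVulnerable(mysqli $db, string $username, string $password): ?array
{
    // With the comment trick from section 4, everything after the injected
    // comment marker, including the password check, is discarded by MySQL.
    // Kept here only to contrast with the fixed versions below; never use this form.
    $sql = "SELECT id, username FROM users WHERE username = '$username' AND password = '$password'";
    $res = $db->query($sql);
    return $res->fetch_assoc() ?: null;
}

// --- Fix 1: MySQLi prepared statement with bound parameters ---

function findUserMysqli(mysqli $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT id, username, password_hash FROM users WHERE username = ?');
    $stmt->bind_param('s', $username);   // 's' = string; the value travels separately from the SQL text
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// --- Fix 2: PDO prepared statement with a named placeholder ---

function findUserPdo(PDO $pdo, string $username): ?array
{
    $stmt = $pdo->prepare('SELECT id, username, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);  // bound value, never interpolated into the query
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// --- Usage sketch (assumed host, database and credentials) ---
// $db  = new mysqli('localhost', 'app', 'secret', 'appdb');
// $pdo = new PDO('mysql:host=localhost;dbname=appdb;charset=utf8mb4', 'app', 'secret', [
//     PDO::ATTR_EMULATE_PREPARES => false,            // real server-side prepared statements
//     PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
// ]);
// $user = findUserPdo($pdo, validateUsername($_POST['username'] ?? ''));
// if ($user !== null && password_verify($_POST['password'] ?? '', $user['password_hash'])) {
//     // authenticated
// }
```

Two points worth noting about the design. The fixed versions look up the user by name only and check the password with password_verify() against a stored hash, so the password never appears in SQL at all. Setting PDO::ATTR_EMULATE_PREPARES to false makes PDO use the server's native prepared statements rather than client-side quoting, which is the mechanism the article's section 6 relies on.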