How dangerous is this PHP code? What can be done about it?

    $name = $_POST["user"];
    $pwd = $_POST["pwd"];
    $query = "SELECT name,pwd FROM users WHERE name = '$name' AND pwd = '$pwd'";
Jeremiah.. 24
Possible problems:

SQL injection
XSS injection (if this code were an insert query, that would be a definite problem)
Plaintext passwords

Your SQL statement could give you trouble. Leaving it open to SQL injection is bad practice.

SQL injection is bad. Trust me.

If you want to display $user on an HTML page, you probably don't want people to be able to "hack" your layout by typing commands like

HI MOM

or a bunch of javascript.

Also, never store your passwords in plaintext (good catch, cagcowboy!). It gives whoever administers (or breaks into) the database far too much power. You never need to know someone else's password.

Try a strategy like this:

    // mostly pulled from http://snippets.dzone.com/posts/show/2738
    function MakeSafe($unsafestring) {
        $unsafestring = htmlentities($unsafestring, ENT_QUOTES);
        if (get_magic_quotes_gpc()) {
            $unsafestring = stripslashes($unsafestring);
        }
        $unsafestring = mysql_real_escape_string(trim($unsafestring));
        $unsafestring = strip_tags($unsafestring);
        $unsafestring = str_replace("\r\n", "", $unsafestring);
        return $unsafestring;
    }

    // Call a function to make sure the variables you are
    // pulling in are not able to inject sql into your
    // sql statement causing massive doom and destruction.
    $name = MakeSafe( $_POST["user"] );
    $pwd = MakeSafe( $_POST["pwd"] );

    // As suggested by cagcowboy:
    // You should NEVER store passwords decrypted.
    // Ever.
    // sha1 creates a hash of your password
    // pack helps to shrink your hash
    // base64_encode turns it into base64
    $pwd = base64_encode(pack("H*", sha1($pwd)));
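For comparison with the MakeSafe approach in the answer above, here is an added example (mine, not code from the question or from Jeremiah's answer) that first shows what the string-built query becomes with a hostile username, then the same login built on PDO prepared statements and password_hash(). The table layout, the pwd_hash column and the connection options in the comments are assumptions for the sake of the example.

```php
<?php
// Added example, not part of the original question or answers.
// Assumes a MySQL/MariaDB table `users` with columns `name` and `pwd_hash`,
// where pwd_hash holds the output of password_hash(), never the password.
// $db is assumed to be a PDO handle opened along these lines:
//   new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', $user, $pass,
//           [PDO::ATTR_EMULATE_PREPARES => false,
//            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
// (emulated prepares off, so placeholders are bound by the server itself)

// 1. What the question's string-built query turns into with a hostile
//    username. "admin' -- " closes the quoted literal and comments out the
//    rest of the WHERE clause, so no password is needed at all.
function buildVulnerableQuery(string $name, string $pwd): string
{
    return "SELECT name,pwd FROM users WHERE name = '$name' AND pwd = '$pwd'";
}
// buildVulnerableQuery("admin' -- ", "x") yields
//   SELECT name,pwd FROM users WHERE name = 'admin' -- ' AND pwd = 'x'

// 2. Hardened lookup: a prepared statement keeps $name as data, so there is
//    nothing to escape and nothing to get wrong; the password never enters
//    the SQL at all and is checked against the stored hash in PHP.
function login(PDO $db, string $name, string $pwd): bool
{
    $stmt = $db->prepare('SELECT pwd_hash FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false) {
        // Unknown user: still run one verify against a throwaway hash so the
        // response time does not reveal which usernames exist.
        password_verify($pwd, password_hash('', PASSWORD_DEFAULT));
        return false;
    }
    return password_verify($pwd, $row['pwd_hash']);
}

// 3. Storing a password. Not plaintext, and not a bare sha1 either: sha1 is
//    unsalted and fast, so equal passwords hash alike and the hashes crack
//    quickly. password_hash() picks a slow, salted algorithm (bcrypt today)
//    and password_verify() reads the parameters back out of the stored hash.
function register(PDO $db, string $name, string $pwd): void
{
    $stmt = $db->prepare('INSERT INTO users (name, pwd_hash) VALUES (:name, :hash)');
    $stmt->execute([
        ':name' => $name,
        ':hash' => password_hash($pwd, PASSWORD_DEFAULT),
    ]);
}

// 4. The HTML problem (the "HI MOM" / javascript case) is handled at output
//    time, where the context is known, rather than by altering the input
//    before it reaches the database.
function renderName(string $name): string
{
    return '<span class="user">'
        . htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</span>';
}
```

The split matters: placeholders solve the SQL problem on their own, htmlspecialchars() at render time solves the HTML problem, and password_hash()/password_verify() solve storage. Running htmlentities() and strip_tags() on input before it is stored, as MakeSafe does, changes what the user typed (a name containing "&" or "<" is saved in encoded or truncated form) without making the query itself any safer than a placeholder already is.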
cherouvim.. 14
It's dangerous:
Apart from the SQL injection, it looks like your passwords may be stored in plaintext, which isn't very nice.

If you never pass $query to a SQL database, that code is perfectly safe.