Home产品研发数据库sql注入

sql注入

2009 年 5 月 18 日

老是看到怎么防sql注入。今天我就想了想怎么去sql注入。以前一直不明白,今天突然想到了。把代码列出来。

include “config/config.testdb.php”;
include “config/config.smarty.php”;
include “class/class.db.php”;
$x=$_GET[‘x’];
$db=db::getInstance();
$sql= “update money set x=x-$x where id=1”;
echo $sql;
$db->query($sql);

$sql= “update money set y=y+$x where id=1”;
$db->query($sql);

$sql=”select * from money where id=1″;
$rs=$db->getAll($sql);
print_r($rs);

?>

怎么注入呢?

看我传的参数!

http://www.news.com/index.php?x=189,y=2000

发生了什么事?

update money set x=x-189,y=2000 where id=1

看我加粗的地方!sql语句并不是我期待的,但是个正确的语句!

小心!一不小心,也许你也会乱!

Related Posts

About The Author

bjmayor

程序员,码农,php,python,ios,android,go,产品经理,创业。

9 Comments
  1. Stepner

    Cialis Prezzo Online Generic Bentyl Muscle Spasms Cod Accepted Medication Store United Pharmacy Lasix No Precrcription [url=http://ciali5mg.com]cialis 5mg[/url] Mastitis Keflex Ceclor Or Keflex

  2. Lesrism

    Price Propecia Cialis Order From Uk Levitra 10mg Kaufen [url=http://corzide.com]online pharmacy[/url] Fedex Shipping Clobetasol Mastercard Low Price Buying Clobetasol Drugs

  3. Stepner

    Periactin Weight Gain [url=http://cialisong.com]cialis 20mg for sale[/url] Levitra 20 Mg Precio Farmacia Achat Pilule Viagra

  4. Lesrism

    Getting Viagra Overnight Discount Clobetasol Best Website [url=http://ausgsm.com][/url] Instalar La Propecia Order Propecia Non Prescription Acheter Cialis A Montreal

  5. Lesrism

    Propecia Seguridad Social Nolvadex Dosage For Epistane Zithromax 4 Pills One Day [url=http://cialgeneri.com]generic cialis from india[/url] Canadianmeds24h

  6. Stepner

    Levitra Lakemedel Levitra Perdita Vista [url=http://viaaorder.com]viagra[/url] Lasix With No Scrpit Sildalis Canada Online Amoxicillian

  7. Stepner

    Amoxicillin Tablets 100mg For Dogs Propecia Side Effects Long Term All Prescription Knee Infection Keflex [url=http://antabusefast.com]antabuse for sale[/url] Viagra En Farmacias Espana

  8. Lesrism

    Viagra En Farmacias Similares Bentyl In Internet By Money Order No Script Needed [url=http://howtogetvia.com]viagra[/url] Donde Comprar Cialis Generico Clomid Forum Gratuit

  9. Stepner

    Alli Availability 2014 Xenical Orlistat 120 Mg Price [url=http://cheapciali.com]cialis[/url] Sans Ordonnance Amoxicillin Pharmacie En Ligne En Suisse Generique