Sql-Injection-Proof-of-Concept: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
(Die Seite wurde neu angelegt: „=Unsichere Methode= <pre> <?php if(isset($_POST['submit'])){ //connect db include "inc/connect.php"; //unsafe query $search = $_POST['search'…“) |
|||
| Zeile 7: | Zeile 7: | ||
//unsafe query | //unsafe query | ||
$search = $_POST['search']; | $search = $_POST['search']; | ||
| + | //Database search | ||
| + | $sql = "SELECT * FROM users WHERE username='$search'"; | ||
| + | $result = mysqli_query($link, $sql); | ||
| + | } | ||
| + | ?> | ||
| + | |||
| + | <!DOCTYPE html> | ||
| + | <html> | ||
| + | <body> | ||
| + | <h2>SQL Injection</h2> | ||
| + | <form method="post"> | ||
| + | <label for="fname">Suche</label><br> | ||
| + | <input type="text" name="search"><br> | ||
| + | <input type="submit" name="submit" value="Suche"> | ||
| + | </form> | ||
| + | <br> | ||
| + | <table border = "1"> | ||
| + | <tr> | ||
| + | <td>ID</td> | ||
| + | <td>Name</td> | ||
| + | <td>Passwort</td> | ||
| + | </tr> | ||
| + | <?php | ||
| + | while ($row = mysqli_fetch_row($result)) { | ||
| + | echo "<tr>"; | ||
| + | echo "<td>".$row[0]." </td>"; | ||
| + | echo "<td>".$row[1]." </td>"; | ||
| + | echo "<td>".$row[2]." </td><br>"; | ||
| + | echo "</tr>"; | ||
| + | } | ||
| + | ?> | ||
| + | </table> | ||
| + | </body> | ||
| + | </html> | ||
| + | </pre> | ||
| + | =Sichere Methode= | ||
| + | <pre> | ||
| + | <?php | ||
| + | if(isset($_POST['submit'])){ | ||
| + | //connect db | ||
| + | include "inc/connect.php"; | ||
//safe query | //safe query | ||
| − | + | $search = mysqli_real_escape_string($link, $_POST['search']); | |
//Database search | //Database search | ||
$sql = "SELECT * FROM users WHERE username='$search'"; | $sql = "SELECT * FROM users WHERE username='$search'"; | ||
Version vom 7. Oktober 2020, 16:44 Uhr
Unsichere Methode
<?php
if(isset($_POST['submit'])){
//connect db
include "inc/connect.php";
//unsafe query
$search = $_POST['search'];
//Database search
$sql = "SELECT * FROM users WHERE username='$search'";
$result = mysqli_query($link, $sql);
}
?>
<!DOCTYPE html>
<html>
<body>
<h2>SQL Injection</h2>
<form method="post">
<label for="fname">Suche</label><br>
<input type="text" name="search"><br>
<input type="submit" name="submit" value="Suche">
</form>
<br>
<table border = "1">
<tr>
<td>ID</td>
<td>Name</td>
<td>Passwort</td>
</tr>
<?php
while ($row = mysqli_fetch_row($result)) {
echo "<tr>";
echo "<td>".$row[0]." </td>";
echo "<td>".$row[1]." </td>";
echo "<td>".$row[2]." </td><br>";
echo "</tr>";
}
?>
</table>
</body>
</html>
Sichere Methode
<?php
if(isset($_POST['submit'])){
//connect db
include "inc/connect.php";
//safe query
$search = mysqli_real_escape_string($link, $_POST['search']);
//Database search
$sql = "SELECT * FROM users WHERE username='$search'";
$result = mysqli_query($link, $sql);
}
?>
<!DOCTYPE html>
<html>
<body>
<h2>SQL Injection</h2>
<form method="post">
<label for="fname">Suche</label><br>
<input type="text" name="search"><br>
<input type="submit" name="submit" value="Suche">
</form>
<br>
<table border = "1">
<tr>
<td>ID</td>
<td>Name</td>
<td>Passwort</td>
</tr>
<?php
while ($row = mysqli_fetch_row($result)) {
echo "<tr>";
echo "<td>".$row[0]." </td>";
echo "<td>".$row[1]." </td>";
echo "<td>".$row[2]." </td><br>";
echo "</tr>";
}
?>
</table>
</body>
</html>