Sql-Injection-Proof-of-Concept: Difference between revisions
(The page was created: „=Unsafe Method= <pre> <?php if(isset($_POST['submit'])){ //connect db include "inc/connect.php"; //unsafe query $search = $_POST['search'…“)
Line 7: | Line 7:
//unsafe query | //unsafe query | ||
$search = $_POST['search']; | $search = $_POST['search']; | ||
+ | //Database search | ||
+ | $sql = "SELECT * FROM users WHERE username='$search'"; | ||
+ | $result = mysqli_query($link, $sql); | ||
+ | } | ||
+ | ?> | ||
+ | |||
+ | <!DOCTYPE html> | ||
+ | <html> | ||
+ | <body> | ||
+ | <h2>SQL Injection</h2> | ||
+ | <form method="post"> | ||
+ | <label for="fname">Suche</label><br> | ||
+ | <input type="text" name="search"><br> | ||
+ | <input type="submit" name="submit" value="Suche"> | ||
+ | </form> | ||
+ | <br> | ||
+ | <table border = "1"> | ||
+ | <tr> | ||
+ | <td>ID</td> | ||
+ | <td>Name</td> | ||
+ | <td>Passwort</td> | ||
+ | </tr> | ||
+ | <?php | ||
+ | while ($row = mysqli_fetch_row($result)) { | ||
+ | echo "<tr>"; | ||
+ | echo "<td>".$row[0]." </td>"; | ||
+ | echo "<td>".$row[1]." </td>"; | ||
+ | echo "<td>".$row[2]." </td><br>"; | ||
+ | echo "</tr>"; | ||
+ | } | ||
+ | ?> | ||
+ | </table> | ||
+ | </body> | ||
+ | </html> | ||
+ | </pre> | ||
+ | =Sichere Methode= | ||
+ | <pre> | ||
+ | <?php | ||
+ | if(isset($_POST['submit'])){ | ||
+ | //connect db | ||
+ | include "inc/connect.php"; | ||
//safe query | //safe query | ||
− | + | $search = mysqli_real_escape_string($link, $_POST['search']); | |
//Database search | //Database search | ||
$sql = "SELECT * FROM users WHERE username='$search'"; | $sql = "SELECT * FROM users WHERE username='$search'"; |
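Review bot: the "safe" variant (the `$search = mysqli_real_escape_string($link, $_POST['search']);` line) still assembles the statement by interpolating `$search` into `"SELECT * FROM users WHERE username='$search'"`; escaping only protects a value that sits inside quotes and is only correct when the connection character set was fixed with mysqli_set_charset, so a prepared statement (`mysqli_prepare` plus `mysqli_stmt_bind_param($stmt, "s", $search)`) would be the robust fix. The rendering loop `while ($row = mysqli_fetch_row($result))` also runs on a plain GET before any search, when `$result` is not defined, and it prints the `Passwort` column to every visitor; if both are intentional for the proof of concept, say so in the page text.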
Revision as of 7 October 2020, 16:44

Unsafe Method

<pre>
<?php
if (isset($_POST['submit'])) {
    //connect db
    include "inc/connect.php";
    //unsafe query: the raw POST value becomes part of the SQL text
    $search = $_POST['search'];
    //Database search
    $sql = "SELECT * FROM users WHERE username='$search'";
    $result = mysqli_query($link, $sql);
}
?>
<!DOCTYPE html>
<html>
<body>
<h2>SQL Injection</h2>
<form method="post">
<label for="search">Suche</label><br>
<input type="text" id="search" name="search"><br>
<input type="submit" name="submit" value="Suche">
</form>
<br>
<table border="1">
<tr>
<td>ID</td>
<td>Name</td>
<td>Passwort</td>
</tr>
<?php
//only render rows once a submitted search has produced a result set
if (isset($result) && $result) {
    while ($row = mysqli_fetch_row($result)) {
        echo "<tr>";
        echo "<td>".$row[0]."</td>";
        echo "<td>".$row[1]."</td>";
        echo "<td>".$row[2]."</td>";
        echo "</tr>";
    }
}
?>
</table>
</body>
</html>
</pre>
Safe Method

<pre>
<?php
if (isset($_POST['submit'])) {
    //connect db
    include "inc/connect.php";
    //safe query: escape the value for use inside the quoted string literal
    //(relies on the connection charset set via mysqli_set_charset)
    $search = mysqli_real_escape_string($link, $_POST['search']);
    //Database search
    $sql = "SELECT * FROM users WHERE username='$search'";
    $result = mysqli_query($link, $sql);
}
?>
<!DOCTYPE html>
<html>
<body>
<h2>SQL Injection</h2>
<form method="post">
<label for="search">Suche</label><br>
<input type="text" id="search" name="search"><br>
<input type="submit" name="submit" value="Suche">
</form>
<br>
<table border="1">
<tr>
<td>ID</td>
<td>Name</td>
<td>Passwort</td>
</tr>
<?php
//only render rows once a submitted search has produced a result set
if (isset($result) && $result) {
    while ($row = mysqli_fetch_row($result)) {
        echo "<tr>";
        echo "<td>".$row[0]."</td>";
        echo "<td>".$row[1]."</td>";
        echo "<td>".$row[2]."</td>";
        echo "</tr>";
    }
}
?>
</table>
</body>
</html>
</pre>
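Added example, not code from the original wiki page: the same username lookup done with a prepared statement, which is the fix that the escaping-based "safe" version only approximates. It uses PDO with an in-memory SQLite database so it runs without the MySQL connection from inc/connect.php; the pdo_sqlite extension, the table layout and the sample rows are assumptions.

```php
<?php
// Constructed stand-in for inc/connect.php: an in-memory SQLite database
// (assumes the pdo_sqlite extension is loaded).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)");
// Constructed sample rows; one username legitimately contains a quote.
$pdo->exec("INSERT INTO users (username, password) VALUES ('alice', 'h1'), ('O''Brien', 'h2')");

// Interpolated query, as in the "Unsafe Method": the input becomes SQL text.
function searchUnsafe(PDO $pdo, string $search): array
{
    $sql = "SELECT id, username FROM users WHERE username='$search'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Prepared statement: the input is sent as a bound value, so it can never
// change the structure of the statement, whatever characters it contains.
// The mysqli equivalent for the page's code would be:
//   $stmt = mysqli_prepare($link, "SELECT * FROM users WHERE username = ?");
//   mysqli_stmt_bind_param($stmt, "s", $_POST['search']);
//   mysqli_stmt_execute($stmt);
//   $result = mysqli_stmt_get_result($stmt);
function searchSafe(PDO $pdo, string $search): array
{
    $stmt = $pdo->prepare("SELECT id, username FROM users WHERE username = :u");
    $stmt->execute([':u' => $search]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$input = "O'Brien";   // ordinary user input containing a single quote

try {
    searchUnsafe($pdo, $input);
} catch (PDOException $e) {
    // The quote ended the string literal early, so the remainder of the
    // input was parsed as SQL: the statement's structure was under the
    // user's control.
    echo "unsafe: input altered the statement: ", $e->getMessage(), PHP_EOL;
}

// The bound parameter is matched as data: exactly one row, O'Brien.
print_r(searchSafe($pdo, $input));
```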