这是未加固前的代码

 1 <?php
 2 /**
 3  * Created by runner.han
 4  * There is nothing new under the sun
 5  */
 6 
 7 
 8 $SELF_PAGE = substr($_SERVER['PHP_SELF'],strrpos($_SERVER['PHP_SELF'],'/')+1);
 9 
10 if ($SELF_PAGE = "sqli_str.php"){
11     $ACTIVE = array('','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','active open','','','active','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','');
12 }
13 
14 $PIKA_ROOT_DIR =  "../../";
15 include_once $PIKA_ROOT_DIR . 'header.php';
16 
17 include_once $PIKA_ROOT_DIR."inc/config.inc.php";
18 include_once $PIKA_ROOT_DIR."inc/function.php";
19 include_once $PIKA_ROOT_DIR."inc/mysql.inc.php";
20 
21 $link=connect();
22 $html='';
23 
24 if(isset($_GET['submit']) && $_GET['name']!=null){
25     //这里没有做任何处理，直接拼到select里面去了
26     $name=$_GET['name'];
27     //这里的变量是字符型，需要考虑闭合
28     $query="select id,email from member where username='$name'";
29     $result=execute($link, $query);
30     if(mysqli_num_rows($result)>=1){
31         while($data=mysqli_fetch_assoc($result)){
32             $id=$data['id'];
33             $email=$data['email'];
34             $html.="
your uid:{$id} 
your email is: {$email}
";
35         }
36     }else{
37 
38         $html.="
您输入的username不存在，请重新输入！
";
39     }
40 }
41 
42 
43 
44 ?>
45 
46 
47 
class="main-content">
48     
class="main-content-inner">
49         
class="breadcrumbs ace-save-state" id="breadcrumbs">
50             
class="breadcrumb">
51                 

52                     class="ace-icon fa fa-home home-icon">
53                     sqli
54                 
55                 
class="active">字符型注入
56             

57 
58             59                data-content="变量类型为字符型">
60                 点一下提示~
61             
62 
63         
64         
class="page-content">
65 
66 
67             

68                 
class="sqli_title">what's your username?
69                 

70                     
71                     
72                 
73                 <?php echo $html;?>
74             
75 
76 
77 
78 
79         

80     
81 

82 
83 
84 
85 
86 
87 <?php
88 include_once $PIKA_ROOT_DIR . 'footer.php';
89 
90 ?>

' or '1'='1' --+

下面进行加固

 1 <?php
 2 /**
 3  * Created by runner.han
 4  * There is nothing new under the sun
 5  */
 6 
 7 
 8 $SELF_PAGE = substr($_SERVER['PHP_SELF'],strrpos($_SERVER['PHP_SELF'],'/')+1);
 9 
10 if ($SELF_PAGE = "sqli_str.php"){
11     $ACTIVE = array('','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','active open','','','active','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','');
12 }
13 
14 $PIKA_ROOT_DIR =  "../../";
15 include_once $PIKA_ROOT_DIR . 'header.php';
16 
17 include_once $PIKA_ROOT_DIR."inc/config.inc.php";
18 include_once $PIKA_ROOT_DIR."inc/function.php";
19 include_once $PIKA_ROOT_DIR."inc/mysql.inc.php";
20 
21 $link=connect();
22 $html='';
23 
24 if(isset($_GET['submit']) && $_GET['name']!=null){
25     //这里没有做任何处理，直接拼到select里面去了
26     
27     $name=addslashes($_GET['name']);
28     
29     //这里的变量是字符型，需要考虑闭合
30     $query="select id,email from member where username='$name'";
31     $result=execute($link, $query);
32     if(mysqli_num_rows($result)>=1){
33         while($data=mysqli_fetch_assoc($result)){
34             $id=$data['id'];
35             $email=$data['email'];
36             $html.="
your uid:{$id} 
your email is: {$email}
";
37         }
38     }else{
39 
40         $html.="
您输入的username不存在，请重新输入！
";
41     }
42 }
43 
44 
45 
46 ?>
47 
48 
49 
class="main-content">
50     
class="main-content-inner">
51         
class="breadcrumbs ace-save-state" id="breadcrumbs">
52             
class="breadcrumb">
53                 

54                     class="ace-icon fa fa-home home-icon">
55                     sqli
56                 
57                 
class="active">字符型注入
58             

59 
60             61                data-content="变量类型为字符型">
62                 点一下提示~
63             
64 
65         
66         
class="page-content">
67 
68 
69             

70                 
class="sqli_title">what's your username?
71                 

72                     
73                     
74                 
75                 <?php echo $html;?>
76             
77 
78 
79 
80 
81         

82     
83 

84 
85 
86 
87 
88 
89 <?php
90 include_once $PIKA_ROOT_DIR . 'footer.php';
91 
92 ?>

在27行修改成如下代码$name=addslashes($_GET['name']);防止sql注入

当然方法有很多比如正则表达式等等

下面再用同样的方法看看sql注入是否存在

 可以发现sql注入已经不存在了

下面详细看看这个函数的作用

PHP addslashes() 函数

实例

在每个双引号（"）前添加反斜杠：

<?php
$str = addslashes('Shanghai is the "biggest" city in China.');
echo($str);
?>

运行结果Shanghai is the \"biggest\" city in China.

发现对双引号之类的东西做了过滤

定义和用法

addslashes() 函数返回在预定义字符之前添加反斜杠的字符串。

预定义字符是：

• 单引号（'）
• 双引号（"）
• 反斜杠（\）
• NULL

提示：该函数可用于为存储在数据库中的字符串以及数据库查询语句准备字符串。

注释：默认地，PHP 对所有的 GET、POST 和 COOKIE 数据自动运行 addslashes()。所以您不应对已转义过的字符串使用 addslashes()，因为这样会导致双层转义。遇到这种情况时可以使用函数 get_magic_quotes_gpc() 进行检测。

语法

addslashes(string)

例子 1

向字符串中的预定义字符添加反斜杠：

<?php
$str = "Who's Bill Gates?";
echo $str . " This is not safe in a database query.
";
echo addslashes($str) . " This is safe in a database query.";
?>

运行结果

Who's Bill Gates? This is not safe in a database query.
Who\'s Bill Gates? This is safe in a database query.