PHP-防止SQL注入

php.ini配置

magic_quotes_gpc = On

万能密码：

mysql> select * from user where username='wang' and password='123';

+--------+----------+----------+

| userid | username | password |

+--------+----------+----------+

|       1 | wang     | 123       |

+--------+----------+----------+

1 row in set (0.00 sec)

mysql> select * from user where username='wang' and password='12';

Empty set (0.00 sec)

mysql> select * from user where username='wang' and password='aa' or 1='1';

+--------+----------+----------+

| userid | username | password |

+--------+----------+----------+

|       1 | wang     | 123       |

|       2 | yong     | 123       |

|       2 | ke       | 321       |

+--------+----------+----------+

3 rows in set (0.01 sec)

mysql> select * from user where username='wa' and password='aa' or 1='1';

+--------+----------+----------+

| userid | username | password |

+--------+----------+----------+

|       1 | wang     | 123       |

|       2 | yong     | 123       |

|       2 | ke       | 321       |

+--------+----------+----------+

3 rows in set (0.00 sec)

万能用户名：

mysql> select * from user where username='sjdlf' or 1=1 ;

+--------+----------+----------+

| userid | username | password |

+--------+----------+----------+

|       1 | wang     | 123       |

|       2 | yong     | 123       |

|       2 | ke       | 321       |

+--------+----------+----------+

3 rows in set (0.00 sec)

mysql> select * from user where username='sjdlf' or 1=1 and password='123';

+--------+----------+----------+

| userid | username | password |

+--------+----------+----------+

|       1 | wang     | 123       |

|       2 | yong     | 123       |

+--------+----------+----------+

2 rows in set (0.00 sec)

mysql> select * from user where username='wang' union   select * from user where userid=2;

+--------+----------+----------+

| userid | username | password |

+--------+----------+----------+

|       1 | wang     | 123       |

|       2 | yong     | 123       |

+--------+----------+----------+

2 rows in set (0.00 sec)

mysql> select * from user where username='wang' union   all select * from user where userid=2;

+--------+----------+----------+

| userid | username | password |

+--------+----------+----------+

|       1 | wang     | 123       |

|       2 | yong     | 123       |

+--------+----------+----------+

2 rows in set (0.00 sec)

mysql> select * from user where username='wang' and password='123' union   all select * from user where userid=2;

+--------+----------+----------+

| userid | username | password |

+--------+----------+----------+

|       1 | wang     | 123       |

|       2 | yong     | 123       |

+--------+----------+----------+

2 rows in set (0.00 sec)

mysql> select * from user where username='wang' and password='123' union   all select * from user;

+--------+----------+----------+

| userid | username | password |

+--------+----------+----------+

|       1 | wang     | 123       |

|       1 | wang     | 123       |

|       2 | yong     | 123       |

|       3 | ke       | 321       |

+--------+----------+----------+

4 rows in set (0.00 sec)

mysql> select * from user where username='wang' and password='123' union   select * from user;

+--------+----------+----------+

| userid | username | password |

+--------+----------+----------+

|       1 | wang     | 123       |

|       2 | yong     | 123       |

|       3 | ke       | 321       |

+--------+----------+----------+

3 rows in set (0.00 sec)

mysql> select * from user where username='wang' and password='321' union   select * from user;

+--------+----------+----------+

| userid | username | password |

+--------+----------+----------+

|       1 | wang     | 123       |

|       2 | yong     | 123       |

|       3 | ke       | 321       |

+--------+----------+----------+

3 rows in set (0.00 sec)

mysql> select * from user where username='wd' and password='321' union   select * from user;

+--------+----------+----------+

| userid | username | password |

+--------+----------+----------+

|       1 | wang     | 123       |

|       2 | yong     | 123       |

|       3 | ke       | 321       |

+--------+----------+----------+

3 rows in set (0.00 sec)

mysql>