问题:
Is there an SQL injection possibility even when using mysql_real_escape_string() function? 即使使用mysql_real_escape_string()函数,也有可能进行SQL注入吗?
Consider this sample situation. 考虑此示例情况。 SQL is constructed in PHP like this: SQL是用PHP构造的,如下所示:
$login = mysql_real_escape_string(GetFromPost('login'));
$password = mysql_real_escape_string(GetFromPost('password'));
$sql = "SELECT * FROM table WHERE login='$login' AND password='$password'";
I have heard numerous people say to me that code like that is still dangerous and possible to hack even with mysql_real_escape_string() function used. 我听过很多人对我说,即使使用mysql_real_escape_string()函数,这样的代码仍然很危险,甚至有可能被破解。 But I cannot think of any possible exploit? 但是我想不出任何可能的利用方式?
Classic injections like this: 像这样的经典注射:
aaa' OR 1=1 --
do not work. 不工作。
Do you know of any possible injection that would get through the PHP code above? 您是否知道上面的PHP代码会进行任何可能的注入?
解决方案:
参考一: https://stackoom.com/question/O5Xn/SQL注入绕过mysql-real-escape-string参考二: https://oldbug.net/q/O5Xn/SQL-injection-that-gets-around-mysql-real-escape-string
来源:oschina
链接:https://my.oschina.net/u/4428122/blog/4399336