SQL Injection Username and Password
This question already has an answer here:
your problem is located in the select statement:
SELECT * FROM users WHERE username='$username' AND password='$password'
Imagine a user providing the name ' OR 1=1 LIMIT 1 --
(note the space after --
) It would always exactly return ONE result row - so the login is valid, cause the query executed would be:
SELECT * FROM users WHERE username='' OR 1=1 LIMIT 1 -- ' AND password='$password'
mysql will ignore the comment, so the query is:
SELECT * FROM users WHERE username='' OR 1=1 LIMIT 1
You should escape the values before using them:
$username = mysqli_real_escape_string($link, $_POST["username"]);
See this fiddle as example: http://sqlfiddle.com/#!2/fd8be/1 (One resultrow -> Your logic would say: "Logged in!" - without even knowing any username and/or password.)
链接地址: http://www.djcxy.com/p/93810.html上一篇: SqlParameter对象C#
下一篇: SQL注入用户名和密码