有人入侵了我的数据库并删除了表。
在我的 PHP 页面中,我使用 mysql_real_escape_string 有一个查询:
$db_host="sql2.netsons.com";
$db_name="xxx";
$username="xxx";
$password="xxx";
$db_con=mysql_connect($db_host,$username,$password);
$connection_string=mysql_select_db($db_name);
mysql_connect($db_host,$username,$password);
mysql_set_charset('utf8',$db_con);
$email= mysql_real_escape_string($_POST['email']);
$name= mysql_real_escape_string($_POST['name']);
$sex= mysql_real_escape_string($_POST['sex']);
if($_POST['M']!=""){ $sim = 1; }else { $sim = 0; }
$query = "INSERT INTO `users` (`email`, `name`, `sex`, `M`) VALUES
( '".$email."', '".ucwords(strtolower($name))."', '".$sex."','".$sim."')";
$res = mysql_query($query) or die("Query fail: " . mysql_error() );
mysql_close($db_con);
并且 register_globals 被禁用。
那么,我的数据库是如何被黑的?
最佳答案
The MySQL connection. If the link identifier is not specified, the last link opened by mysql_connect() is assumed. If no such link is found, it will try to create one as if mysql_connect() was called with no arguments. If no connection is found or established, an E_WARNING level error is generated.
在这里解释:Does mysql_real_escape_string() FULLY protect against SQL injection?
根据您的代码片段,您已经连接了两次数据库。
$db_con=mysql_connect($db_host,$username,$password);
$connection_string=mysql_select_db($db_name);
mysql_connect($db_host,$username,$password);
mysql_set_charset('utf8',$db_con);
而且您没有提供数据库链接标识符:
$email= mysql_real_escape_string($_POST['email']);
$name= mysql_real_escape_string($_POST['name']);
$sex= mysql_real_escape_string($_POST['sex']);
因此,mysql_set_charset 对为多字节字符提供的真正转义$_POST 没有影响。
建议
- 去掉第二个
mysql_connect($db_host,$username,$password); - 在执行
mysql_real_escape_string时显式添加
$db_con
关于php - 有人入侵了我的数据库 - 如何?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/4243657/