PHP代码审计-漏洞挖掘
【摘要】 1.sql注入PHPmysql基本函数mysqli_connect()函数mysqli_connect(host,username,password,dbname,port,socket); <?php$con=mysqli_connect("localhost","wrong_user","my_password","my_db");// 检查连接if (!$con){ die("连...
1.sql注入
- PHPmysql基本函数
- mysqli_connect()函数
mysqli_connect(host,username,password,dbname,port,socket);
<?php
$con=mysqli_connect("localhost","wrong_user","my_password","my_db");
// 检查连接
if (!$con)
{
die("连接错误: " . mysqli_connect_error());
}
?> b.mysqli_query()函数
mysqli_query(connection,query,resultmode);
<?php
// 假定数据库用户名:root,密码:123456,数据库:RUNOOB
$con=mysqli_connect("localhost","root","123456","RUNOOB");
if (mysqli_connect_errno($con))
{
echo "连接 MySQL 失败: " . mysqli_connect_error();
}
// 执行查询
mysqli_query($con,"SELECT * FROM websites");
mysqli_query($con,"INSERT INTO websites (name, url, alexa, country)
VALUES ('百度','https://www.baidu.com/','4','CN')");
mysqli_close($con);
?>
c.mysqli_fetch_array()函数
mysqli_fetch_array(result,resulttype);
<?php
// 假定数据库用户名:root,密码:123456,数据库:RUNOOB
$con=mysqli_connect("localhost","root","123456","RUNOOB");
if (mysqli_connect_errno($con))
{
echo "连接 MySQL 失败: " . mysqli_connect_error();
}
$sql="SELECT name,url FROM websites ORDER BY alexa";
$result=mysqli_query($con,$sql);
// 数字数组
$row=mysqli_fetch_array($result,MYSQLI_NUM);
printf ("%s : %s",$row[0],$row[1]);
// 关联数组
$row=mysqli_fetch_array($result,MYSQLI_ASSOC);
printf ("%s : %s",$row["name"],$row["url"]);
// 释放结果集
mysqli_free_result($result);
mysqli_close($con);
?>
dmysqli_close()
<?php
$con=mysqli_connect("localhost","my_user","my_password","my_db");
// ....一些 PHP 代码...
mysqli_close($con);
?>
【版权声明】本文为华为云社区用户原创内容,转载时必须标注文章的来源(华为云社区)、文章链接、文章作者等基本信息, 否则作者和本社区有权追究责任。如果您发现本社区中有涉嫌抄袭的内容,欢迎发送邮件进行举报,并提供相关证据,一经查实,本社区将立刻删除涉嫌侵权内容,举报邮箱:
cloudbbs@huaweicloud.com
- 点赞
- 收藏
- 关注作者
评论(0)