60. MySQLi extension: odds and ends

1. Verify that mysqli is enabled:

//1. phpinfo()

//2. Check whether the module is loaded: extension_loaded('mysqli');

//3. Check whether the function exists: function_exists('mysqli_connect');

//4. List the modules that are currently loaded: get_loaded_extensions()

Implementing the user list:

userList.php

<?php
header('Content-Type:text/html;charset=utf-8');
$mysqli =new MySQLi('localhost','root','123456','test');
if($mysqli->connect_error){
    die('连接错误' . $mysqli->connect_error);
}

$sql = "select * from user2";

$result = $mysqli->query($sql);

if(!$result){
    die("查询错误" . $mysqli->error);
}

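$rows = []; // stays an empty array when the table has no rows
while($row = $result->fetch_row()){
    $rows[] = $row;  // collect the fetched rows into an array
}
var_dump($rows); // debug output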
?>

<html>
<head>
    <meta http-equiv="content-type" content="text/html;charset=utf-8"/>
</head>

<body>
<h2>用户列表 -- <a href="addUser.php">添加用户</a></h2>
<table border="1" cellspacing="0" cellpadding="0" width="80%">
    <tr>
        <td>编号</td>
        <td>用户名</td>
        <td>年龄</td>
        <td>操作</td>
    </tr>
    <?php foreach($rows as $row):?>
        <tr>
            <td><?php echo $row[0];?></td>
            <td><?php echo htmlspecialchars((string)$row[1]); // escape user-supplied text ?></td>
            <td><?php echo $row[2];?></td>
            <td><a href="editUser.php">更新</a>|<a href="doAction.php?act=delUser&id=<?php echo (int)$row[0]; // id of this row ?>">删除</a></td>
        </tr>
    <?php endforeach;?>
</table>
</body>
</html>


Adding a user:

addUser.php

<html>
<head>
    <meta http-equiv="content-type" content="text/html;charset=utf-8"/>
</head>

<body>
<h2>添加用户</h2>
<form action="doAction.php?act=addUser" method="post">
    <table>
        <tr>
            <td>ID</td>
            <td> <input type="number" name="id" id="" placeholder="请输入用户名ID" required="required"/> </td>
        </tr>
        <tr>
            <td>用户名</td>
            <td> <input type="text" name="username" id="" placeholder="请输入用户名" required="required"/> </td>
        </tr>
        <tr>
            <td>年龄</td>
            <td> <input type="number" min="1" max="100" name="age" id="" placeholder="请输入年龄" required="required"/> </td>
        </tr>
        <tr>
            <td colspan="2"><input type="submit" value="添加用户"/></td>
        </tr>
    </table>
</form>
</body>
</html>

doAction.php

<?php
// Add a user
header('Content-Type:text/html;charset=utf-8');
$mysqli = new MySQLi('localhost','root','123456','test');

if($mysqli->connect_error){
    die("连接错误" . $mysqli->connect_error);
}

$mysqli->set_charset('utf8');

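// addUser.php posts id/username/age; the delete link in userList.php sends id in the query string
$id = (int)($_POST['id'] ?? $_GET['id'] ?? 0);  // numeric, so it cannot alter the SQL
$username = $_POST['username'] ?? '';
$username = $mysqli->escape_string($username); // escape special characters in the input
$age = (int)($_POST['age'] ?? 0);

$act = $_GET['act'] ?? ''; // perform a different operation depending on act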

switch($act)
{
    case 'addUser':
        //echo '添加用户';
        $sql = "insert into user2(id,username,age) values('{$id}','{$username}','{$age}')";
        $res = $mysqli->query($sql);
        if($res){
            $insert_id = $mysqli->insert_id;
            echo "<script type='text/javascript'>
                  alert('添加成功,网站的第{$insert_id}位用户');
                  location.href = 'userList.php';
                  </script>";
        }else{
            echo $mysqli->error;
            echo "<script type='text/javascript'>
                  alert('添加失败');
                  location.href = 'addUser.php';
                  </script>";
        }
        break;
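    case 'delUser':
        echo '删除记录' . (int)$id;
        // delete the row from user2, the table userList.php lists; the int cast keeps the id numeric
        $sql = "delete from user2 where id=" . (int)$id;
        $res = $mysqli->query($sql);
        if($res){
            $mes = '删除成功';
        }else{
            $mes = '删除失败';
        }
        $url = 'userList.php';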
        echo "<script type='text/javascript'>
                  alert('{$mes}');
                  location.href = '{$url}';
              </script>";
        break;
}

SQL injection:

Login page:

<html>
<head>
    <meta http-equiv="content-type" content="text/html"/>
</head>

<body>
<form action="login.php" method="post">
    username:<input type="text" name="username" id=""/><br/>
    password:<input type="password" name="password" id=""/><br/>
    <input type="submit" value="登陆"/>
</form>
</body>
</html>

Processing page (login.php):

<?php

$mysqli = new MySQLi('localhost','root','123456','test');

if($mysqli->connect_error){
    die('connect error' . $mysqli->connect_error);
}

$mysqli->set_charset('utf8');

$username = $_POST['username'];
$password = $_POST['password'];

$sql = "select * from user1 where name='{$username}' and password='{$password}'";

$mysqli_result = $mysqli->query($sql);
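//var_dump($mysqli_result);die();
// query() returns a result object even when no row matches, so count the rows
if($mysqli_result && $mysqli_result->num_rows > 0){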
    echo 'Ok';
}else{
    echo 'No' . $mysqli->error;
}
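
Entering  ' or 1=1 #  as the username is enough to pass the check: the quote closes the name string, or 1=1 makes the where clause true for every row, and # comments out the rest of the query, including the password test.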
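
The same login check with the query parameterized, as an added example that is not the original author's code. It reuses this page's connection settings and user1 table; the checkLogin() helper name is an assumption.

```php
<?php
// Added example (not the original author's code): login.php rewritten with a
// mysqli prepared statement. Connection settings and the user1(name, password)
// table are the ones used on this page; checkLogin() is a hypothetical helper.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

function checkLogin(mysqli $mysqli, string $username, string $password): bool
{
    // The ? placeholders are sent to the server separately from the SQL text,
    // so a quote, "or 1=1" or "#" in the input is compared as plain data and
    // never becomes part of the statement.
    $stmt = $mysqli->prepare('select name from user1 where name=? and password=?');
    $stmt->bind_param('ss', $username, $password);
    $stmt->execute();
    $stmt->store_result();          // buffer the rows so num_rows is valid
    $found = $stmt->num_rows > 0;   // at least one account matched both values
    $stmt->close();
    return $found;
}

try {
    $mysqli = new mysqli('localhost', 'root', '123456', 'test');
    $mysqli->set_charset('utf8');

    $username = $_POST['username'] ?? '';
    $password = $_POST['password'] ?? '';

    // With  ' or 1=1 #  as the username this now prints No, because no row
    // has that literal string in its name column.
    echo checkLogin($mysqli, $username, $password) ? 'Ok' : 'No';
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage());    // keep SQL error text out of the response
    echo 'No';
}
```

The query still compares the password column directly, as the page's table does; storing password_hash() output and checking it with password_verify() is a separate change.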