Http MIME Type
MIME:"application/json"
Syntax
:
is 'K:V' . It is the smallest unit of JSON.
,
is separate.
[ ]
is array.
{ }
is object.
Json Value
number or float {"age":30}
string {"name":"lisi"}
boolean {"flag":true}
array {"sites":["name":"yang","name":"ming"]}
object {"sites":{["name":"yang","name":"ming"],"sex":man}}
null { "runoob":null }
example:
{
"users_1": {
"user_2": [
{
"id": "1",
"username": "admin",
"passwd": "admin888"
},
{
"id": "2",
"username": "root",
"passwd": "root123"
},
{
"id": "3",
"username": "system",
"passwd": "system456"
}
]
}
}
Code Audit PHP
<?php
header('content-type:text/html;charset=utf-8');
if(isset($_POST['json'])){
$json_str=$_POST['json'];
$json=json_decode($json_str);
if(!$json){
die('JSON文档格式有误,请检查');
}
//var_dump($json);
$users_1 = $json['users_1'];
//var_dump($users_1);
$user_2=$users_1['user_2'];
//var_dump($user_2);
$array0=$user_2[0];
$username=$array0['username'];
echo $username;
$mysqli=new mysqli();
$mysqli->connect('localhost','root','root');
if($mysqli->connect_errno){
die('数据库连接失败:'.$mysqli->connect_error);
}
$mysqli->select_db('user');
if($mysqli->errno){
dir('打开数据库失败:'.$mysqli->error);
}
$mysqli->set_charset('utf-8');
$sql="SELECT username,paawd FROM users WHERE username='{$username}'";
$result=$mysqli->query($sql);
if(!$result){
die('执行SQL语句失败:'.$mysqli->error);
}else if($result->num_rows==0){
die('查询结果为空');
}else {
$array1=$result->fetch_all(MYSQLI_ASSOC);
echo "用户名:{$array1[0]['username']},密码:{$array1[0]['paawd']}";
}
$result->free();
$mysqli->close();
}
?>
Request:
normal
SQL Inject
This vulnerability is commonly used to insert some illegal data to assist other vulnerabilities, such as SQL Inject.