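This tutorial covers HTML Injection - Stored in detail as part of an HTML+CSS introduction. We hope you get something out of it and that it helps you get started with HTML+CSS.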
HTML Injection - Stored (Blog)
" method="POST">
Submit
Add:
Show all:
Delete:
<?php echo $message;?>
#
Owner
Date
Entry
// The HTML is above; the PHP source starts below
<?php

// Selects all the records

$entry_all = isset($_POST["entry_all"]) ? 1 : 0;

if($entry_all == false)
{

    $sql = "SELECT * FROM blog WHERE owner = '" . $_SESSION["login"] . "'";

}

else
{

    $sql = "SELECT * FROM blog";

}

$recordset = $link->query($sql);

if(!$recordset)
{

    // die("Error: " . $link->connect_error . "");

?>
<?php die("Error: " . $link->error);?>
<?php

}

while($row = $recordset->fetch_object())
{

    // Levels 1 and 2: the entry is HTML-encoded with xss_check_3() on output
    if($_COOKIE["security_level"] == "1" or $_COOKIE["security_level"] == "2")
    {

?>
<?php echo $row->id; ?>
<?php echo $row->owner; ?>
<?php echo $row->date; ?>
<?php echo xss_check_3($row->entry); ?>
<?php

    }

    // Any other level: the entry is echoed exactly as stored
    else
    {

?>
<?php echo $row->id; ?>
<?php echo $row->owner; ?>
<?php echo $row->date; ?>
<?php echo $row->entry; ?>
<?php

    }

}

$recordset->close();

$link->close();

?>
I feel there is something off with the protection code here; I did not quite understand it.
function htmli($data)
{

    include("connect_i.php"); // connect to the database

    switch($_COOKIE["security_level"]) // the security level is read from the cookie
    {

        case "0" :

            $data = sqli_check_3($link, $data);
            break;

        case "1" :

            $data = sqli_check_3($link, $data);
            // $data = xss_check_4($data);
            break;

        case "2" :

            $data = sqli_check_3($link, $data);
            // $data = xss_check_3($data);
            break;

        default :

            $data = sqli_check_3($link, $data);
            break;

    }

    return $data;

}
Whichever case is taken, the only filter that runs is sqli_check_3().
sqli_check_3() is defined as:
function sqli_check_3($link, $data)
{

    return mysqli_real_escape_string($link, $data);

}
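mysql_real_escape_string() escapes special characters in a string that is used in an SQL statement.
The following characters are affected:
\x00
\n
\r
\
'
"
\x1a
On success the function returns the escaped string. On failure it returns false.
1. low
No protection is applied at this level.
2. medium
xss_check_4 is used for XSS protection.
The function is: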
function xss_check_4($data)
{
    // addslashes - returns a string with backslashes before characters that need to be quoted in database queries etc.
    // These characters are single quote ('), double quote ("), backslash (\) and NUL (the NULL byte).
    // Do NOT use this for XSS or HTML validations!!!
    return addslashes($data);
}
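It adds a backslash before each predefined character.
The predefined characters are:
single quote (')
double quote (")
backslash (\)
NULL
3. high
What xss_check_3 does: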
function xss_check_3($data, $encoding = "UTF-8")
{

    // htmlspecialchars - converts special characters to HTML entities
    // '&' (ampersand) becomes '&amp;'
    // '"' (double quote) becomes '&quot;' when ENT_NOQUOTES is not set
    // "'" (single quote) becomes '&#039;' (or &apos;) only when ENT_QUOTES is set
    // '<' (less than) becomes '&lt;'
    // '>' (greater than) becomes '&gt;'

    return htmlspecialchars($data, ENT_QUOTES, $encoding);

}
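In the listings above, htmli() only escapes the entry for SQL on the way in, and the entry is HTML-encoded with xss_check_3() on the way out only at security levels 1 and 2. The following is an added example, not code from the original page: it uses an in-memory SQLite table through PDO as a stand-in for the blog table (this assumes the pdo_sqlite extension is enabled), a constructed entry and owner name, and a hypothetical helper encode_for_html() that makes the same htmlspecialchars() call as xss_check_3().

```php
<?php
// Added example (not from the original page). The entry, the owner name and
// the table layout are constructed for illustration.

// Hypothetical helper: the same call that xss_check_3() makes on the page.
function encode_for_html(string $data, string $encoding = "UTF-8"): string
{
    return htmlspecialchars($data, ENT_QUOTES, $encoding);
}

// Constructed blog entry: harmless markup plus both quote types and an ampersand.
$entry = '<h1>injected heading</h1> it\'s "quoted" & more';

// In-memory SQLite stands in for the blog table (assumption: pdo_sqlite).
$db = new PDO("sqlite::memory:");
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE blog (id INTEGER PRIMARY KEY, owner TEXT, entry TEXT)");

// A bound parameter protects the query, which is the job sqli_check_3() has
// on the page. It keeps the entry out of the SQL syntax; it does not alter it.
$stmt = $db->prepare("INSERT INTO blog (owner, entry) VALUES (?, ?)");
$stmt->execute(["alice", $entry]);

$stored = $db->query("SELECT entry FROM blog WHERE id = 1")->fetchColumn();

// The stored value is identical to what was submitted, tags included.
echo "stored unchanged: ", var_export($stored === $entry, true), "\n";

// addslashes() (xss_check_4 on the page) touches quotes and backslashes only,
// so the angle brackets pass through untouched.
echo "addslashes:       ", addslashes($entry), "\n";

// Output path at level 0 (echo $row->entry): a browser would parse the <h1>.
echo "raw output:       ", $stored, "\n";

// Output path at levels 1 and 2 (xss_check_3): the markup is shown as text.
echo "encoded output:   ", encode_for_html($stored), "\n";
```

Run it with the PHP CLI and compare the last three lines: only the htmlspecialchars() output has the angle brackets, quotes and ampersand converted to entities.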