Skip to content
La2Base
Home
DownloadsWikiForumFAQ
Search
ruen
Sign up Login
HomeFilesWikiLogin
  • Home
  • Downloads
  • Wiki
  • FAQ
  • Contact Us
  • About
  • Rules
  • Privacy
  • Terms of Service

© 2026 la2base.com · All rights reserved

ruen
Forum/Защита сервера/Sql Инъекция
Search

Sql Инъекция

5 replies907 viewsCurrently viewing: 1
simaxa
simaxa

User

Бывалый

Posts: 108

На форуме с: 12/08/2007

Репутация: +10

Рейтинг: 0

· 12/16/2007, 02:27 PM

Как защититься от инъекции?

0
simaxa
simaxa

User

Бывалый

Posts: 108

На форуме с: 12/08/2007

Репутация: +10

Рейтинг: 0

· 12/17/2007, 09:46 PM

Вообще не только от инъекции, но и как защитить свой PHP код?

0
Nick
Nick

User

Новичок

Posts: 12

На форуме с: 05/04/2008

Рейтинг: 0

· 02/14/2008, 04:20 AM

Есть функция:

Код
<?
function antiinjection($str)
{
  $banwords = array ("'", ",", ";", "--","DROP", "SELECT", "UPDATE", "DELETE", "-");
  if (eregi("[a-zA-Z0-9]+", $str))
   {
    $str = str_replace($banwords, '', $str);
   }
  else
   {
    $str = NULL;
   }
  return $str;
}
?>


допустим клан рейтинг, юзвер выбирает из рейтинга клан:

Код
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
  <table width="100%" border="0" cellspacing="0" cellpadding="0">
   <tr>
    <td class="border-tl">&nbsp;</td>
    <td class="border-t h-cell t-bold">Информация</td>
    <td class="border-tr">&nbsp;</td>
   </tr>
   <tr>
    <td class="border-l">&nbsp;</td>
   <td>
    <table width="100%" border="0" cellspacing="0" cellpadding="0">
     <tr>
      <td class="n-cell">
<?
$indx=@$_GET['indx'];
if ($indx == '') $indx = 1;
mssql_connect($mssql_server,$mssql_user,$mssql_pass);
mssql_select_db($mssql_db);

$result=mssql_query("
SELECT     *
FROM             (SELECT  TOP 50 a.char_id, a.char_name, a.Lev, a.builder,
                a.class, a.use_time, a.nickname,
                a.PK, a.Duel, a.gender, a.Exp, a.login, a.logout
FROM         user_data as a

WHERE     (pledge_id = N'$indx')
ORDER BY Exp Desc) DERIVEDTBL

");

$online_users=array();                      
$a_level = 0;
for($x=0;($online_users[$x]=mssql_fetch_assoc($result));$x++)
{
  $hours=round($online_users[$x]['use_time']/3600,1);
  $online_users[$x]['use_time_d']=floor($hours/24)." дн. ".($hours % 24)." ч.";
  $a_level=$a_level+$online_users[$x]['Lev'];
}  
unset($online_users[count($online_users)-1]);

$a_level=round($a_level/count($online_users), 2);

if (mssql_num_rows($result1)<>0)
{
  for($x;($online_users[$x]=mssql_fetch_assoc($result1));$x++)
   {
    $hours=round($online_users[$x]['use_time']/3600,1);
    $online_users[$x]['use_time_d']=floor($hours/24)." дн. ".($hours % 24)." ч.";
   }
  unset($online_users[count($online_users)-1]);
}

$result=mssql_query("
        SELECT *
        FROM pledge  
        WHERE (pledge_id = N'$indx')");

$clan=mssql_fetch_assoc($result);

$result=mssql_query("
        SELECT a.char_name, a.Lev, a.builder, a.class, a.use_time, a.nickname,
               a.PK, a.Duel, a.gender, a.Exp, a.char_id, a.login, a.logout
        FROM user_data as a

        WHERE (a.char_id = ".$clan["ruler_id"].")");

$leader=mssql_fetch_assoc($result);
$hours=round($leader['use_time']/3600,1);
$leader['use_time_d']=floor($hours/24)." дн. ".($hours % 24)." ч.";
?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
  <td class="h-cell b-tblr t-bold">Информация о клане <?=$clan["name"]?></td>
</tr>
<?=$sep?>
</table>

<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
  <td class="p-2 ac">
   <table border="0" align="center" cellpadding="0" cellspacing="0">
    <tr>
     <td class="al">Уровень клана:</td>
     <td class="t-bold al info"><?=$clan["skill_level"]?></td>
    </tr>
    <tr>
     <td class="al">Количество человек в клане:</td>
     <td class="t-bold al info"><?=count($online_users)?></td>
    </tr>
    <tr>
     <td class="al">Средний уровень членов клана:&nbsp;</td>
     <td class="t-bold al info"><?=$a_level?></td>
    </tr>
   </table>
  </td>
</tr>
<?=$sep?>
</table>

<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
  <td class="h-cell b-tblr">Лидер</td>
</tr>
<?=$sep?>
</table>

<table width="100%" border="0" cellspacing=0 sellpadding=0>
<tr class="h-cell">
  <td class="b-tbl">Ник</td>
  <td width="120" class="b-tbl">Титул</td>
  <td width="50" class="b-tbl">Уров.</td>
  <td width="120" class="b-tbl">Класс</td>
  <td width="80" class="b-tbl">Наиграно</td>
  <td width="60" class="b-tbl">PvP/PK</td>
  <td width="60" class="b-tbl">Опыт</td>
  <td width="16" class="b-tblr">&nbsp;</td>
</tr>
<tr class="n-cell">
  <td style="color:<?=$leader["builder"]?$leader["gender"]?$color_female:$color_male:$color_builder?>" class="b-bl p-2"><?=$leader["char_name"]?></td>
  <td class="b-bl p-2 ac info">
  <?
   if (strlen($leader["nickname"])<>0&&$leader["nickname"]<>" ")
    {
     $str=str_replace("<","&lt;",$leader["nickname"]);
     $str=str_replace(">","&gt;",$str);
     echo $str;        
    }
   else
    echo '&nbsp;';
  ?>
  </td>        
  <td class="b-bl p-2 ac"><?=$leader["Lev"]?></td>
  <td class="b-bl p-2 ac"><? echo '<a href=index.php?act=show_prof_info&indx='.$leader["class"].'>'.$class_list[$leader["class"]].'</a>';?></td>
  <td class="b-bl p-2 ar"><?=$leader["use_time_d"]?></td>
  <td class="b-bl p-2 ac"><?=$leader["Duel"]?>/<?=$leader["PK"]?></td>
  <td class="b-bl p-2 ar"><?=round($leader["Exp"]/1000)?> K</td>
  <td class="b-blr p-2 ac">
  <?
   if ($leader["login"]>$leader["logout"])
    echo $str_online;
   else
    echo $str_offline;
  ?>
  </td>
</tr>
</table>

<table width="100%" border="0" cellpadding="0" cellspacing="0">
<?=$sep?>
<tr>
  <td class="h-cell b-tblr">Члены клана</td>
</tr>
<?=$sep?>
</table>

<table width="100%" border="0" cellspacing=0 sellpadding=0>
<tr class="h-cell">
  <td class="b-tbl">Ник</td>
  <td width="120" class="b-tbl">Титул</td>
  <td width="50" class="b-tbl">Уров.</td>
  <td width="120" class="b-tbl">Класс</td>
  <td width="80" class="b-tbl">Наиграно</td>
  <td width="60" class="b-tbl">PvP/PK</td>
  <td width="60" class="b-tbl">Опыт</td>
  <td width="16" class="b-tblr">&nbsp;</td>
</tr>
<?
for($x=0;$x<count($online_users);$x++)
{
  if ($online_users[$x]["char_id"]==$clan["ruler_id"])
   { continue; }
?>
<tr class="n-cell">
  <td style="color:<?=$online_users[$x]["builder"]?$online_users[$x]["gender"]?$color_female:$color_male:$color_builder?>" class="b-bl p-2"><?=$online_users[$x]["char_name"]?></td>
  <td class="b-bl p-2 ac info">
<?
if (strlen($online_users[$x]["nickname"])<>0 && $online_users[$x]["nickname"]<>" ")
  {
   $str=str_replace("<","&lt;",$online_users[$x]["nickname"]);
   $str=str_replace(">","&gt;",$str);
   echo $str;        
  }
else
  echo '&nbsp;';
?>
  </td>        
  <td class="b-bl p-2 ac"><?=$online_users[$x]["Lev"]?></td>
  <td class="b-bl p-2 ac"><? echo '<a href=index.php?act=show_prof_info&indx='.$online_users[$x]["class"].'>'.$class_list[$online_users[$x]["class"]].'</a>';?></td>
  <td class="b-bl p-2 ar"><?=$online_users[$x]["use_time_d"]?></td>
  <td class="b-bl p-2 ac"><?=$online_users[$x]["Duel"]?>/<?=$online_users[$x]["PK"]?></td>
  <td class="b-bl p-2 ar"><?=round($online_users[$x]["Exp"]/1000)?> K</td>
  <td class="b-blr p-2 ac">
<?
if ($online_users[$x]["login"]>$online_users[$x]["logout"])
  echo $str_online;
else
  echo $str_offline;
?>
  </td>
</tr>
<? }
if (count($online_users) == 1)
echo '<tr class="n-cell"><td class="b-blr p-2 ac" colspan="8">Кроме лидера в клане никого нет</td></tr>';
?>
</table>

<table width="100%" border="0" cellpadding="0" cellspacing="0">
<?=$sep?>
<tr>
  <td class="n-cell b-tblr p-2 ac"><a href="index.php?act=show_clans_rating">Вернуться к списку кланов</a></td>
</tr>
</table>
       </td>
      </tr>
     </table>
    </td>
    <td class="border-r">&nbsp;</td>
   </tr>
   <tr>
    <td class="border-bl">&nbsp;</td>
    <td class="border-b h-cell"><img src="skins/<?=$skin_name?>/images/line.gif"></td>
    <td class="border-br">&nbsp;</td>
   </tr>
  </table>


и вот уже с фильтрацией того что ввел юзвер:

Код
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
  <table width="100%" border="0" cellspacing="0" cellpadding="0">
   <tr>
    <td class="border-tl">&nbsp;</td>
    <td class="border-t h-cell t-bold">Информация</td>
    <td class="border-tr">&nbsp;</td>
   </tr>
   <tr>
    <td class="border-l">&nbsp;</td>
   <td>
    <table width="100%" border="0" cellspacing="0" cellpadding="0">
     <tr>
      <td class="n-cell">
<?
$indx=@$_GET['indx'];
if ($indx == '') $indx = 1;
$indx=antiinjection($indx);
mssql_connect($mssql_server,$mssql_user,$mssql_pass);
mssql_select_db($mssql_db);

$result=mssql_query("
SELECT     *
FROM             (SELECT  TOP 50 a.char_id, a.char_name, a.Lev, a.builder,
                a.class, a.use_time, a.nickname,
                a.PK, a.Duel, a.gender, a.Exp, a.login, a.logout
FROM         user_data as a

WHERE     (pledge_id = N'$indx')
ORDER BY Exp Desc) DERIVEDTBL

");

$online_users=array();                      
$a_level = 0;
for($x=0;($online_users[$x]=mssql_fetch_assoc($result));$x++)
{
  $hours=round($online_users[$x]['use_time']/3600,1);
  $online_users[$x]['use_time_d']=floor($hours/24)." дн. ".($hours % 24)." ч.";
  $a_level=$a_level+$online_users[$x]['Lev'];
}  
unset($online_users[count($online_users)-1]);

$a_level=round($a_level/count($online_users), 2);

if (mssql_num_rows($result1)<>0)
{
  for($x;($online_users[$x]=mssql_fetch_assoc($result1));$x++)
   {
    $hours=round($online_users[$x]['use_time']/3600,1);
    $online_users[$x]['use_time_d']=floor($hours/24)." дн. ".($hours % 24)." ч.";
   }
  unset($online_users[count($online_users)-1]);
}

$result=mssql_query("
        SELECT *
        FROM pledge  
        WHERE (pledge_id = N'$indx')");

$clan=mssql_fetch_assoc($result);

$result=mssql_query("
        SELECT a.char_name, a.Lev, a.builder, a.class, a.use_time, a.nickname,
               a.PK, a.Duel, a.gender, a.Exp, a.char_id, a.login, a.logout
        FROM user_data as a

        WHERE (a.char_id = ".$clan["ruler_id"].")");

$leader=mssql_fetch_assoc($result);
$hours=round($leader['use_time']/3600,1);
$leader['use_time_d']=floor($hours/24)." дн. ".($hours % 24)." ч.";
?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
  <td class="h-cell b-tblr t-bold">Информация о клане <?=$clan["name"]?></td>
</tr>
<?=$sep?>
</table>

<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
  <td class="p-2 ac">
   <table border="0" align="center" cellpadding="0" cellspacing="0">
    <tr>
     <td class="al">Уровень клана:</td>
     <td class="t-bold al info"><?=$clan["skill_level"]?></td>
    </tr>
    <tr>
     <td class="al">Количество человек в клане:</td>
     <td class="t-bold al info"><?=count($online_users)?></td>
    </tr>
    <tr>
     <td class="al">Средний уровень членов клана:&nbsp;</td>
     <td class="t-bold al info"><?=$a_level?></td>
    </tr>
   </table>
  </td>
</tr>
<?=$sep?>
</table>

<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
  <td class="h-cell b-tblr">Лидер</td>
</tr>
<?=$sep?>
</table>

<table width="100%" border="0" cellspacing=0 sellpadding=0>
<tr class="h-cell">
  <td class="b-tbl">Ник</td>
  <td width="120" class="b-tbl">Титул</td>
  <td width="50" class="b-tbl">Уров.</td>
  <td width="120" class="b-tbl">Класс</td>
  <td width="80" class="b-tbl">Наиграно</td>
  <td width="60" class="b-tbl">PvP/PK</td>
  <td width="60" class="b-tbl">Опыт</td>
  <td width="16" class="b-tblr">&nbsp;</td>
</tr>
<tr class="n-cell">
  <td style="color:<?=$leader["builder"]?$leader["gender"]?$color_female:$color_male:$color_builder?>" class="b-bl p-2"><?=$leader["char_name"]?></td>
  <td class="b-bl p-2 ac info">
  <?
   if (strlen($leader["nickname"])<>0&&$leader["nickname"]<>" ")
    {
     $str=str_replace("<","&lt;",$leader["nickname"]);
     $str=str_replace(">","&gt;",$str);
     echo $str;        
    }
   else
    echo '&nbsp;';
  ?>
  </td>        
  <td class="b-bl p-2 ac"><?=$leader["Lev"]?></td>
  <td class="b-bl p-2 ac"><? echo '<a href=index.php?act=show_prof_info&indx='.$leader["class"].'>'.$class_list[$leader["class"]].'</a>';?></td>
  <td class="b-bl p-2 ar"><?=$leader["use_time_d"]?></td>
  <td class="b-bl p-2 ac"><?=$leader["Duel"]?>/<?=$leader["PK"]?></td>
  <td class="b-bl p-2 ar"><?=round($leader["Exp"]/1000)?> K</td>
  <td class="b-blr p-2 ac">
  <?
   if ($leader["login"]>$leader["logout"])
    echo $str_online;
   else
    echo $str_offline;
  ?>
  </td>
</tr>
</table>

<table width="100%" border="0" cellpadding="0" cellspacing="0">
<?=$sep?>
<tr>
  <td class="h-cell b-tblr">Члены клана</td>
</tr>
<?=$sep?>
</table>

<table width="100%" border="0" cellspacing=0 sellpadding=0>
<tr class="h-cell">
  <td class="b-tbl">Ник</td>
  <td width="120" class="b-tbl">Титул</td>
  <td width="50" class="b-tbl">Уров.</td>
  <td width="120" class="b-tbl">Класс</td>
  <td width="80" class="b-tbl">Наиграно</td>
  <td width="60" class="b-tbl">PvP/PK</td>
  <td width="60" class="b-tbl">Опыт</td>
  <td width="16" class="b-tblr">&nbsp;</td>
</tr>
<?
for($x=0;$x<count($online_users);$x++)
{
  if ($online_users[$x]["char_id"]==$clan["ruler_id"])
   { continue; }
?>
<tr class="n-cell">
  <td style="color:<?=$online_users[$x]["builder"]?$online_users[$x]["gender"]?$color_female:$color_male:$color_builder?>" class="b-bl p-2"><?=$online_users[$x]["char_name"]?></td>
  <td class="b-bl p-2 ac info">
<?
if (strlen($online_users[$x]["nickname"])<>0 && $online_users[$x]["nickname"]<>" ")
  {
   $str=str_replace("<","&lt;",$online_users[$x]["nickname"]);
   $str=str_replace(">","&gt;",$str);
   echo $str;        
  }
else
  echo '&nbsp;';
?>
  </td>        
  <td class="b-bl p-2 ac"><?=$online_users[$x]["Lev"]?></td>
  <td class="b-bl p-2 ac"><? echo '<a href=index.php?act=show_prof_info&indx='.$online_users[$x]["class"].'>'.$class_list[$online_users[$x]["class"]].'</a>';?></td>
  <td class="b-bl p-2 ar"><?=$online_users[$x]["use_time_d"]?></td>
  <td class="b-bl p-2 ac"><?=$online_users[$x]["Duel"]?>/<?=$online_users[$x]["PK"]?></td>
  <td class="b-bl p-2 ar"><?=round($online_users[$x]["Exp"]/1000)?> K</td>
  <td class="b-blr p-2 ac">
<?
if ($online_users[$x]["login"]>$online_users[$x]["logout"])
  echo $str_online;
else
  echo $str_offline;
?>
  </td>
</tr>
<? }
if (count($online_users) == 1)
echo '<tr class="n-cell"><td class="b-blr p-2 ac" colspan="8">Кроме лидера в клане никого нет</td></tr>';
?>
</table>

<table width="100%" border="0" cellpadding="0" cellspacing="0">
<?=$sep?>
<tr>
  <td class="n-cell b-tblr p-2 ac"><a href="index.php?act=show_clans_rating">Вернуться к списку кланов</a></td>
</tr>
</table>
       </td>
      </tr>
     </table>
    </td>
    <td class="border-r">&nbsp;</td>
   </tr>
   <tr>
    <td class="border-bl">&nbsp;</td>
    <td class="border-b h-cell"><img src="skins/<?=$skin_name?>/images/line.gif"></td>
    <td class="border-br">&nbsp;</td>
   </tr>
  </table>


Как видем дела всего на 1 минуту pogranichnik.gif

0
В
Валентин

User

Новичок

Posts: 10

На форуме с: 05/07/2007

Репутация: +40

Рейтинг: 0

· 02/14/2008, 07:48 AM

Цитата(Nicker @ 14.2.2008, 4:20) <{POST_SNAPBACK}>
Есть функция:
Цитата
<?
function antiinjection($str) {
$banwords = array ("'", ",", ";", "--","DROP", "SELECT", "UPDATE", "DELETE", "-");
if (eregi("[a-zA-Z0-9]+", $str)) {
return str_ireplace($banwords, '', $str);
} else {
return NULL;
}
}
?>


Мне например неочень такая защита нравится, вопервых неучтен регистр, вовторых видел SQL-иньекции в которых используется функция chr(), т.е. в встраиваемом запросе не будет DELETE - будет chr(32,12,...,39)
eregi уже устарел и работает очень медленно (в PHP6 его уже нет) - вместо него лучше использовать preg_match()
Если вводится только число то надежнее всего ctype_digit()
Есть ещё функция mysql_escape_string (для mssql запросов тоже должна подойти)

0
Nick
Nick

User

Новичок

Posts: 12

На форуме с: 05/04/2008

Рейтинг: 0

· 02/14/2008, 03:20 PM

Та пожалусто)))

Код
if (isset($_REQUEST['k'])) $k =$_REQUEST['k'];
if (isset($_REQUEST['id']))  
{
$id =$_REQUEST['id'];
if (preg_match("/[^a-zA-Z0-9_]/", $id))  
{
Header("Location: index.php?id=start");
exit;
}
}
else
{
$id = "start";
}
switch ($id):

0
Topic is closed for replies