نوشته اصلی توسط Fri3nds
نمایش پست ها
عزیز Ùکر کنم این \ یک نوع راه ØÙ„ Ùرار از اینجکت شدنه Ùراخونی تابع از کتابخونه mysql
Ùˆ یا دیتا بیس هستش ! Ú©Ù‡ مثلا میان توی برنامه نویسی سایت مثلا با این \x00, \n, \r, \, ', " and \x1a علائم مثلا امنش میکنن Ú©Ù‡ وقتی ما اسیب پذیری رو Ú†Ú© میکنیم اون نشون میده Ú©Ù‡ با Ú†ÛŒ Ùیلتر کردن ؟؟؟ درست Ú¯Ùتم ؟؟؟
اینم یک تیکه از سورسی که ازش خوندم مطلبو !! :
This function, i.e. mysql_real_escape_string(), calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a. This function must always (with few exceptions) be used to make data safe before sending a query to MySQL.[14]
There are other functions for many database types in PHP such as pg_escape_string() for PostgreSQL. There is, however, one function that works for escaping characters, and used especially for injection in the databases that do not have escaping functions in PHP. This function is: addslashes(string $str ). It returns a string with backslashes before characters that need to be quoted in database queries etc. These characters are single quote ('), double quote ("), backslash (\) and NUL (the NULL byte).[15]
Routinely passing escaped strings to SQL is error prone because it is easy to forget to escape a given string. Creating a transparent layer to secure the input can reduce this error-proneness, if not entirely eliminate it.[16]
There are other functions for many database types in PHP such as pg_escape_string() for PostgreSQL. There is, however, one function that works for escaping characters, and used especially for injection in the databases that do not have escaping functions in PHP. This function is: addslashes(string $str ). It returns a string with backslashes before characters that need to be quoted in database queries etc. These characters are single quote ('), double quote ("), backslash (\) and NUL (the NULL byte).[15]
Routinely passing escaped strings to SQL is error prone because it is easy to forget to escape a given string. Creating a transparent layer to secure the input can reduce this error-proneness, if not entirely eliminate it.[16]
دوستان عزیز شرمنده Ú©Ù‡ این پست رو دو جا قرار دادم ! اخه Ùکر کنم توی اون تاپیک جاش ناجوره ! Ùˆ ربطی نداره در نتیجه اینجا قرارش دادم تا بزرگواران راهنمایی ها رو بکنن !!!
Comment