PHP登录与防止数据注入实例演示

程序员文章站 2022-03-03 23:13:14

...

PHP登录与防止数据注入实例演示

首先准备一张简单的用户数据表

PHP登录与防止数据注入实例演示

编写database.php


<?php
return [
    'type' => $type ?? 'mysql',
    'username' => $username ?? 'root',
    'password' => $password ?? 'root',
    'host' => $host ?? 'localhost',
    'port' => $port ?? '3308',
    'charset' => $charset ?? 'utf8',
    'dbname' => 'mydatabase'
];

编写connect.php


<?php
// 1. 把数据库连接配置文件引过来
$config = require_once 'database.php';
extract($config);
// 2. 数据库的连接
$dsn = sprintf('%s:host=%s;port=%s;charset=%s;dbname=%s', $type, $host, $port, $charset, $dbname);
try {
    $pdo = new PDO($dsn, $username, $password);
    //var_dump($pdo);
} catch (PDOException $e) {
    die('Connection error : ' . $e->getMessage());
}


<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>系统登录</title>
</head>
<style type="text/css">
    html {
        overflow-y: scroll;
        vertical-align: baseline;
    }
    body {
        font-family: Microsoft YaHei, Segoe UI, Tahoma, Arial, Verdana, sans-serif;
        font-size: 12px;
        color: #fff;
        height: 100%;
        line-height: 1;
        background: #999
    }
    * {
        margin: 0;
        padding: 0
    }
    ul,
    li {
        list-style: none
    }
    h1 {
        font-size: 30px;
        font-weight: 700;
        text-shadow: 0 1px 4px rgba(0, 0, 0, .2)
    }
    .login-box {
        width: 410px;
        margin: 120px auto 0 auto;
        text-align: center;
        padding: 30px;
        background: url('http://demo.mxyhn.xyz:8020/cssthemes6/11.20ZF8/images/mask.png');
        border-radius: 10px;
    }
    .login-box .name,
    .login-box .password,
    .login-box .code,
    .login-box .remember {
        font-size: 16px;
        text-shadow: 0 1px 2px rgba(0, 0, 0, .1)
    }
    .login-box .remember input {
        box-shadow: none;
        width: 15px;
        height: 15px;
        margin-top: 25px
    }
    .login-box .remember {
        padding-left: 40px
    }
    .login-box .remember label {
        display: inline-block;
        height: 42px;
        width: 70px;
        line-height: 34px;
        text-align: left
    }
    .login-box label {
        display: inline-block;
        width: 100px;
        text-align: right;
        vertical-align: middle
    }
    .login-box #code {
        width: 120px
    }
    .login-box .codeImg {
        float: right;
        margin-top: 26px;
    }
    .login-box img {
        width: 148px;
        height: 42px;
        border: none
    }
    input[type=text],
    input[type=password] {
        width: 270px;
        height: 42px;
        margin-top: 25px;
        padding: 0px 15px;
        border: 1px solid rgba(255, 255, 255, .15);
        border-radius: 6px;
        color: #fff;
        letter-spacing: 2px;
        font-size: 16px;
        background: transparent;
    }
    button {
        cursor: pointer;
        width: 100%;
        height: 44px;
        padding: 0;
        background: #ef4300;
        border: 1px solid #ff730e;
        border-radius: 6px;
        font-weight: 700;
        color: #fff;
        font-size: 24px;
        letter-spacing: 15px;
        text-shadow: 0 1px 2px rgba(0, 0, 0, .1)
    }
    input:focus {
        outline: none;
        box-shadow: 0 2px 3px 0 rgba(0, 0, 0, .1) inset, 0 2px 7px 0 rgba(0, 0, 0, .2)
    }
    button:hover {
        box-shadow: 0 15px 30px 0 rgba(255, 255, 255, .15) inset, 0 2px 7px 0 rgba(0, 0, 0, .2)
    }
    .screenbg {
        position: fixed;
        bottom: 0;
        left: 0;
        z-index: -999;
        overflow: hidden;
        width: 100%;
        height: 100%;
        min-height: 100%;
    }
    .screenbg ul li {
        display: block;
        list-style: none;
        position: fixed;
        overflow: hidden;
        top: 0;
        left: 0;
        width: 100%;
        height: 100%;
        z-index: -1000;
        float: right;
    }
    .screenbg ul a {
        left: 0;
        top: 0;
        width: 100%;
        height: 100%;
        display: inline-block;
        margin: 0;
        padding: 0;
        cursor: default;
    }
    .screenbg a img {
        vertical-align: middle;
        display: inline;
        border: none;
        display: block;
        list-style: none;
        position: fixed;
        overflow: hidden;
        top: 0;
        left: 0;
        width: 100%;
        height: 100%;
        z-index: -1000;
        float: right;
    }
    .bottom {
        margin: 8px auto 0 auto;
        width: 100%;
        position: fixed;
        text-align: center;
        bottom: 0;
        left: 0;
        overflow: hidden;
        padding-bottom: 8px;
        color: white;
        word-spacing: 3px;
        zoom: 1;
    }
    .bottom a {
        color: #FFF;
        text-decoration: none;
    }
    .bottom a:hover {
        text-decoration: underline;
    }
</style>
<script type="text/javascript" src="http://demo.mxyhn.xyz:8020/cssthemes6/11.20ZF8/js/jquery-1.8.2.min.js"></script>
<script type="text/javascript">
    $(function() {
        $(".screenbg ul li").each(function() {
            $(this).css("opacity", "0");
        });
        $(".screenbg ul li:first").css("opacity", "1");
        var index = 0;
        var t;
        var li = $(".screenbg ul li");
        var number = li.size();
        function change(index) {
            li.css("visibility", "visible");
            li.eq(index).siblings().animate({
                opacity: 0
            }, 3000);
            li.eq(index).animate({
                opacity: 1
            }, 3000);
        }
        function show() {
            index = index + 1;
            if (index <= number - 1) {
                change(index);
            } else {
                index = 0;
                change(index);
            }
        }
        t = setInterval(show, 8000);
        //根据窗口宽度生成图片宽度
        var width = $(window).width();
        $(".screenbg ul img").css("width", width + "px");
    });
</script>
<body>
    <div class="login-box">
        <h1>瓜子二手车系统后台登录</h1>
        <form>
            <div class="name">
                <label>管理员账号：</label>
                <input type="text" required name="username" id="" tabindex="1" autocomplete="off" />
            </div>
            <div class="password">
                <label>密 码：</label>
                <input type="password" required name="password" maxlength="16" id="" tabindex="2" />
            </div>
            <!-- <div class="code">
                <label>验证码：</label>
                <input type="text" name="" maxlength="4" id="code" tabindex="3" />
                <div class="codeImg">
                    <img src="images/captcha.jpeg.jpg" />
                </div>
            </div> -->
            <div class="remember">
                <input type="checkbox" id="remember" tabindex="4">
                <label>记住密码</label>
            </div>
            <div class="login">
                <input type="button" name="btn" value="登录">
            </div>
        </form>
    </div>
    <div class="bottom">©2022 </div>
    <div class="screenbg">
        <ul>
            <li><a href="javascript:;"><img src="http://demo.mxyhn.xyz:8020/cssthemes6/11.20ZF8/images/0.jpg"></a></li>
            <li><a href="javascript:;"><img src="http://demo.mxyhn.xyz:8020/cssthemes6/11.20ZF8/images/1.jpg"></a></li>
            <li><a href="javascript:;"><img src="http://demo.mxyhn.xyz:8020/cssthemes6/11.20ZF8/images/2.jpg"></a></li>
        </ul>
    </div>
    <div style="text-align:center;">

    </div>
    <script type="text/javascript">
        // 登录 
        $('input[name="btn"]').click(function() {
            var data = {};
            data.username = $.trim($('input[name="username"]').val());
            data.password = $.trim($('input[name="password"]').val());

            $.post('submit.php', data, function(res) {
                console.log(res);
            }, "json")
        })
    </script>
</body>
</html>

编写submit.php


// 后端接受前端穿过来的参数
$name = isset($_POST['username']) ? $_POST['username'] : null;
$pwd = isset($_POST['password']) ? $_POST['password'] : null;
// 1.连接数据库
require_once 'connect.php';
// 检查密码的正确性
$pwd = md5($pwd);
$stmt = $pdo->query("SELECT * FROM `userinfo` WHERE `username`='{$name}' AND `password` = '{$pwd}' ");
//var_dump($stmt);
foreach ($stmt as $row) {
    print $row['username'] . "\t";
    print $row['password'] . "\t";
    print $row['id'] . "\n";
}

PHP登录与防止数据注入实例演示

正常登录打印，但是当我们在用户名入' or 1=1#

就会发现…

PHP登录与防止数据注入实例演示

数据全给打印出来了。。。

因此，重新编辑submit.php如下


<?php
// 后端接受前端穿过来的参数
$name = isset($_POST['username']) ? $_POST['username'] : null;
$pwd = isset($_POST['password']) ? $_POST['password'] : null;
// 1.连接数据库
require_once 'connect.php';
// 检查密码的正确性
$pwd = md5($pwd);
$stmt = $pdo->query("SELECT * FROM `userinfo` WHERE `username`='{$name}' AND `password` = '{$pwd}' ");
//var_dump($stmt);
// foreach ($stmt as $row) {
//     print $row['username'] . "\t";
//     print $row['password'] . "\t";
//     print $row['id'] . "\n";
// }
// pdo预处理
// 准备一条预处理sql语句
$sql = "SELECT * FROM `user` WHERE `username`= ? AND `password` = ? ";
// 准备要执行的语句，并返回语句对象
$stmt = $pdo->prepare($sql);
// 绑定参数到指定的变量名
$stmt->bindParam(1, $name);
$stmt->bindParam(2, $pwd);
// 执行一条预处理语句
$stmt->execute();
$result = $stmt->fetchAll(PDO::FETCH_ASSOC);
var_dump($result);

增加数据库预处理语句，大功告成！

上一篇： php 里 int是什么意思

下一篇：打死不能开烧烤店新手如何开烧烤店（免费指南）

PHP登录与防止数据注入实例演示

PHP登录与防止数据注入实例演示

首先准备一张简单的用户数据表

编写database.php

编写connect.php

编写submit.php

PHP登录与防止数据注入实例演示

php与mysql数据库以及网页登录验证在ubutu 16.04环境下的实例讲解

Yii框架防止sql注入，xss攻击与csrf攻击的方法_php实例

php与mysql数据库以及网页登录验证在ubutu 16.04环境下的实例讲解

PHP登录与防止数据注入实例演示

PHP登录与防止数据注入实例演示

PHP登录与防止数据注入实例演示

首先准备一张简单的用户数据表

编写database.php

编写connect.php

编写login.php

编写submit.php

PHP登录与防止数据注入实例演示

php与mysql数据库以及网页登录验证在ubutu 16.04环境下的实例讲解

Yii框架防止sql注入，xss攻击与csrf攻击的方法_php实例

php与mysql数据库以及网页登录验证在ubutu 16.04环境下的实例讲解

PHP登录与防止数据注入实例演示