实训第六天
- 网站漏洞回顾(LNMP)
环境搭建——LiteXP、phpstudy
Sqli-labs、XSS-labs、upload-labs
- php代码学习
编写连接security数据库的php脚本
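<?php
// Lab exercise: look up one row of the `users` table in the `security`
// database by the POSTed `id` and print the result as HTML.

echo "<h1>查询结果</h1>";

// Lab-only credentials (root/root on localhost). Outside the lab, use a
// least-privileged database account and load secrets from configuration.
$servername = "localhost";
$username = "root";
$password = "root";
$dbname = "security";

// Untrusted input: accept only a plain string. A missing field or an array
// value (id[]=...) is replaced by an empty string instead of raising a notice.
$id = (isset($_POST['id']) && is_string($_POST['id'])) ? $_POST['id'] : '';

// Flags shared by every htmlspecialchars() call below.
$escFlags = ENT_QUOTES | ENT_SUBSTITUTE;

try {
    $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Use server-side prepared statements, so the SQL text and the parameter
    // are sent separately instead of being interpolated by the client library.
    $conn->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

    // The id is bound as a parameter and never concatenated into the SQL text;
    // this is why injection payloads do not change the query.
    $stmt = $conn->prepare("SELECT username, password FROM users WHERE id=:id");
    $stmt->bindValue(':id', $id);

    echo 'search id =<span style="font-size:30px;"> ';
    // Reflected input must be HTML-escaped: the prepared statement protects the
    // query, not the page that echoes the value back.
    echo htmlspecialchars($id, $escFlags, 'UTF-8');
    echo '</span><br>';
    echo 'search result:<br>';

    $stmt->execute();
    foreach ($stmt as $row) {
        // Stored values are untrusted as well (they may contain markup), so
        // escape them before they reach the HTML output.
        echo '<b style="font-size:30px;">username: '
            . htmlspecialchars((string) $row['username'], $escFlags, 'UTF-8')
            . '</b><br>';
        echo '<b style="font-size:30px;">password: '
            . htmlspecialchars((string) $row['password'], $escFlags, 'UTF-8')
            . '</b>';
    }
} catch (PDOException $e) {
    // Escaped because the driver message is written into HTML. Outside the lab,
    // log the detail server-side and show the client a generic error instead.
    echo "Error: " . htmlspecialchars($e->getMessage(), $escFlags, 'UTF-8');
}

// Drop the reference so the connection is closed.
$conn = null;
?>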
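尝试 SQL 注入失败:查询使用 PDO 预处理语句,id 作为绑定参数传入,不会被拼接进 SQL 语句,因此注入载荷无法改变查询结构。注意:预处理语句只能防 SQL 注入,回显到页面的 id 和查询结果仍需做 HTML 转义以防 XSS。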