Poll: Did you understand anything? :)
Yes: 87%
No: 12%
Votes: 8
1. Skidrow (Off)
[ 29 Sep 2013, 13:44 ]
So, what is SQL injection?
It is a classic attack on an SQL database, as a result of which we obtain
the data stored in that database.
There are two kinds of injection: ordinary, which is simple, and blind, which is comparatively harder.
How do we find out whether a given site can be broken?
First of all, we look on the site for a variable that has access to the database,
i.e. the variable through which we get the corresponding query.
For example, we see something like this on the site:
E.g.: "Read more"
Fine, let's check the URL: http://site.ge/index.php?do=news&id=2
Good, we will be able to attack, if of course it is vulnerable.
Let's check: add a quote at the end of the link:
http://site.ge/index.php?do=news&id=2'
Is there an error? OK, we can attack.
I won't go any further on this in this topic, since this topic is about defense and
not attack.
What I have explained in this topic is how to check your site's security.
How to defend?
There are many defense functions, but since I use these functions often,
and so does professor, let's talk about using these two functions.
What do we need htmlspecialchars for? This function is there so that
the so-called quotes are not executed, and it puts an end to them right at the start :D
For example: <script>alert('script');</script>
The fact that this does not get executed is exactly its doing.
Of course other functions exist too, which we will talk about later.
The command is as follows: $id = htmlspecialchars($id); where $id is just an example variable.
There is also the intval function, which ensures the variable is declared as an integer.
$id = intval($_REQUEST['id']);
The full command:
$id = htmlspecialchars(mysql_escape_string($id));
Last edited 29 Sep 2013, 17:12; edited 1 time in total
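The probe described in the post above (append a quote to id=2 and watch for a database error) and the intval fix, as an added example that is not code from the post or the forum. It is written in Python with an in-memory sqlite3 table standing in for the site's PHP/MySQL setup; the table contents, the column names, and the php_intval helper are my assumptions, since the post only shows the URL. One practitioner's caveat it makes visible: in a numeric context like id=2 an attacker needs no quote at all, so `2 OR 1=1` passes straight through quote-escaping functions (and htmlspecialchars is an HTML-output encoder, which in the PHP of 2013 left single quotes alone by default); casting with intval, as the post suggests, or binding the value as a query parameter is what actually stops it.

```python
import re
import sqlite3


def make_db():
    """Constructed stand-in for the site's news table (assumption: the post shows no schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany(
        "INSERT INTO news VALUES (?, ?)",
        [(1, "First article"), (2, "Second article"), (3, "Unpublished draft")],
    )
    return conn


def lookup_vulnerable(conn, raw_id):
    """The pattern the post is probing: the id parameter is pasted into the query text."""
    sql = "SELECT id, title FROM news WHERE id = " + raw_id
    return conn.execute(sql).fetchall()


def probe_with_quote(conn, raw_id):
    """The post's check: append a quote and see whether the database complains.
    Returns the error text (the parameter reaches the SQL parser) or None."""
    try:
        lookup_vulnerable(conn, raw_id + "'")
    except sqlite3.OperationalError as exc:
        return str(exc)
    return None


def php_intval(value):
    """Mimics PHP intval() on a string: leading integer digits, otherwise 0.
    Assumption: base-10 strings only, which is all the id parameter needs."""
    m = re.match(r"\s*[+-]?\d+", value)
    return int(m.group(0)) if m else 0


def lookup_intval(conn, raw_id):
    """Fix from the post: cast to an integer, so only the digits reach the query."""
    sql = "SELECT id, title FROM news WHERE id = %d" % php_intval(raw_id)
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, raw_id):
    """Fix not in the post: bind the value; it is never parsed as SQL at all."""
    return conn.execute("SELECT id, title FROM news WHERE id = ?", (raw_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("probe id=2' ->", probe_with_quote(db, "2"))          # error text: injectable
    print("vulnerable  ->", lookup_vulnerable(db, "2 OR 1=1"))   # every row, no quote needed
    print("intval      ->", lookup_intval(db, "2 OR 1=1"))       # only the row for id 2
    print("bound param ->", lookup_parameterized(db, "2 OR 1=1"))  # no match at all
```

The intval version still builds the SQL as a string, which is acceptable only because the value has been forced to an integer first; for any non-numeric parameter (a title, a username) the bound-parameter form is the one to reach for, since no escaping function has to be remembered per call.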
2. Bing (Off)
[ 29 Sep 2013, 13:59 ]
Quote: Skidrow. You might as well write out in full how the defense is done.
3. Skidrow (Off)
[ 29 Sep 2013, 14:06 ]
Bing, if I write that, others still won't be able to follow it. There are also all sorts of defense tricks that probably nobody could list in full. Let's not go off-topic here; let's simply write how to protect a particular variable, or ask questions about some concrete example rather than in general.
4. professor (Off)
[ 29 Sep 2013, 15:48 ]
Quote: Skidrow. Little by little, edit your first post and explain properly what SQL injection is in general.
I filter variables with htmlspecialchars
and
mysql_real_escape_string.
Mainly I use these two functions. :)
5. Skidrow (Off)
[ 29 Sep 2013, 17:15 ]
There, take a look )
6. Bing (Off)
[ 29 Sep 2013, 17:24 ]
Quote: professor. Don't you use filter_var and filter_input? Yes, I had the article files on phplearn filtered with htmlspecialchars.
7. Skidrow (Off)
[ 29 Sep 2013, 17:27 ]
Bing, I said these are the frequently used filters. I'm not going to write up every filtering function; this isn't only my topic, you write too.
8. Bing (Off)
[ 29 Sep 2013, 17:28 ]
Quote: Skidrow. What method do you use to protect MySQL-related queries? :)
