Next, here is the source code of the login page:

```html
<!-- Labels: "Sql注入演示" = SQL injection demo, "用户名" = username, "密 码" = password,
     "提交" = submit, "重置" = reset -->
<html>
<head>
<title>Sql注入演示</title>
<meta http-equiv="content-type" content="text/html;charset=utf-8">
</head>
<body>
<!-- The form posts both fields to validate.php -->
<form action="validate.php" method="post">
<fieldset>
<legend>Sql注入演示</legend>
<table>
<tr>
<td>用户名:</td><td><input type="text" name="username"></td>
</tr>
<tr>
<td>密 码:</td><td><input type="text" name="password"></td>
</tr>
<tr>
<td><input type="submit" value="提交"></td><td><input type="reset" value="重置"></td>
</tr>
</table>
</fieldset>
</form>
</body>
</html>
```
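Here is a screenshot of the result:

When the user clicks the submit button, the form data is submitted to validate.php, which checks whether the username and password the user entered both meet the requirements (this step is critical, and it is often where the SQL vulnerability lies).

The code is as follows: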
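```php
<html>
<head>
<title>登录验证</title>
<meta http-equiv="content-type" content="text/html;charset=utf-8">
</head>
<body>
<?php
// Connect to the local MySQL server as root with an empty password
// (die message: "Database connection failed!")
$conn=@mysql_connect("localhost",'root','') or die("数据库连接失败!");
// Select the demo database (die message: "The database you selected does not exist")
mysql_select_db("injection",$conn) or die("您要选择的数据库不存在");
// Read the submitted form fields with no validation or escaping
$name=$_POST['username'];
$pwd=$_POST['password'];
// Vulnerable: the user input is interpolated directly into the SQL string
$sql="select * from users where username='$name' and password='$pwd'";
$query=mysql_query($sql);
$arr=mysql_fetch_array($query);
if(is_array($arr)){
    // A row came back, so the login is treated as successful.
    // HTML has already been sent above, so this redirect needs output buffering.
    header("Location:manager.php");
}else{
    // Message: "Your username or password is wrong, please log in again!"
    echo "您的用户名或密码输入有误,<a href=\"Login.php\">请重新登录!</a>";
}
?>
</body>
</html>
```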
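A hardened counterpart to validate.php, added here as an example and not part of the original post: the username is bound through a PDO prepared statement instead of being interpolated into the SQL string. It assumes the PDO MySQL driver is installed and that `users.password` stores a `password_hash()` value; both are assumptions, not details from the page.

```php
<?php
// Added example: hardened replacement for validate.php.
// Assumptions (not from the original page): the PDO MySQL driver is available,
// and users.password holds a hash created with password_hash().
declare(strict_types=1);

// Same host, database and account as the page's demo. Outside a demo, use a
// dedicated low-privilege account with a password instead of root.
$pdo = new PDO(
    'mysql:host=localhost;dbname=injection;charset=utf8mb4',
    'root',
    '',
    [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        // Use server-side prepares: statement and parameters travel separately
        PDO::ATTR_EMULATE_PREPARES   => false,
    ]
);

// Accept only non-empty string fields; array-style POST fields are rejected
$name = $_POST['username'] ?? '';
$pwd  = $_POST['password'] ?? '';
if (!is_string($name) || !is_string($pwd) || $name === '' || $pwd === '') {
    http_response_code(400);
    exit('Missing username or password.');
}

// The placeholder keeps $name as data: it cannot change the query structure
$stmt = $pdo->prepare('SELECT password FROM users WHERE username = :name LIMIT 1');
$stmt->execute([':name' => $name]);
$row = $stmt->fetch();

// Compare against the stored hash in PHP rather than inside the SQL statement
if ($row !== false && password_verify($pwd, (string) $row['password'])) {
    // No HTML has been sent yet, so the redirect header is still allowed
    header('Location: manager.php');
    exit;
}

// One generic message for both an unknown user and a wrong password
http_response_code(401);
echo 'Incorrect username or password. <a href="Login.php">Please log in again.</a>';
```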