dongzaheng4449 2009-12-15 17:05

Security issues in a login and registration system using PHP, JavaScript and MySQL

I am building a web application from scratch that has registration and login functionality. I am a complete novice when it comes to security issues and attacks like MySQL injection. Apart from encryption of the password in the database, what other security issues do I have to worry about? And how do I take care of them? Thank you


4 answers

  • doujiao1814 2009-12-15 17:46

    You need to make sure to sanitize all variables in your SQL. If you're not using something like PDO, this is done most easily with mysql_real_escape_string.

    For example, when you are checking a user's credentials your code would look something like:

    $sql = "SELECT `id` FROM `users` WHERE `username` = '".mysql_real_escape_string($_POST['username'])."' AND `password` = '".mysql_real_escape_string($_POST['password'])."'";
    $dosql = mysql_query($sql); // etc
    

    It's also worth adding the following to your login routine to prevent session fixation.

    session_regenerate_id(true);
    
    This answer was selected by the asker as the best answer.
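
The same login check written with PDO, which the answer names as the alternative to escaping, together with the session ID regeneration it recommends. This is an added example, not code from the original answer. Assumptions: an in-memory SQLite database stands in for MySQL so the script runs offline, the table stores a `password_hash` column, and the function names `register` and `login` are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed demo database: in-memory SQLite stands in for MySQL so the
// script runs offline. For MySQL only the DSN changes (hypothetical values):
//   new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', $user, $pass)
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');

function register(PDO $pdo, string $username, string $password): void
{
    // Store a salted one-way hash, never the password itself.
    $stmt = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT)]);
}

function login(PDO $pdo, string $username, string $password): ?int
{
    // The username travels as a bound parameter, so it is never parsed as SQL.
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Compare in PHP with password_verify() instead of matching the password in SQL.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }

    // Issue a fresh session ID on login so a pre-set (fixated) ID is discarded.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
        $_SESSION['user_id'] = (int) $row['id'];
    }
    return (int) $row['id'];
}

// Constructed sample data.
register($pdo, 'alice', 'correct horse battery staple');

var_dump(login($pdo, 'alice', 'correct horse battery staple')); // valid credentials
var_dump(login($pdo, 'alice', 'wrong password'));               // wrong password
var_dump(login($pdo, "alice' OR '1'='1", 'anything'));          // quote characters treated as data
```

In a web request, call `session_start()` before `login()` so the regeneration branch runs; from the command line no session is active and that step is skipped.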