0

name我是一个长期的 MySQL 用户,最近决定升级到 PHP 5.5 并建立一个基于 PDO 的新网站。由于我非常关心通过注入的安全性并且没有 mysql_real_escape 方便我的 PDO 开发,我基本上想知道我的代码注入是否安全?

这是我的测试脚本,谢谢!

<?php
try {
  $DB = new PDO("mysql:host=localhost;dbname=dbtest", "dbtest", "TbhPXM!Wv9sz");
  $DB->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
}  
catch(PDOException $e) {  
    echo "<div style='text-align: center; margin-top: 100px; font-size: 21px; font-weight: bold;'>Damn, your experiencing technical issues with our website. An administrator has been notified and will address the issue shortly.<br /><br />T_T</div>";  
    file_put_contents('error.txt', $e->getMessage()."\n", FILE_APPEND);  
}

if (isset($_POST['RegUser']) && isset($_POST['Username']) && isset($_POST['Password'])) {
    try { 
    $stmt = $DB->prepare("INSERT INTO users (name, pass) VALUES (:name, :pass)");
    $stmt->bindParam(':name', $name);
    $stmt->bindParam(':pass', $pass);
    $name = $_POST['Username'];
    $options = ['cost' => 12,'salt' => mcrypt_create_iv(22, MCRYPT_DEV_URANDOM),];
    $pass = password_hash($_POST['Password'], PASSWORD_BCRYPT, $options)."\n";
    $stmt->execute();
    }
    catch(PDOException $e) {
        echo "Registration Failed, Try another username.";
    }
}

if (isset($_POST['Login']) && isset($_POST['Username']) && isset($_POST['Password'])) {

    $name = $_POST['Username'];
    $STH = $DB->prepare('SELECT name, pass from users where name=:name LIMIT 0,1');
    $STH->bindParam(':name', $name);
    $STH->execute();
    $STH->setFetchMode(PDO::FETCH_ASSOC);
    if ($STH->rowCount() == 1) {
        while($row = $STH->fetch()) {  
            $hash = $row['pass'];
            if (password_verify($_POST['Password'], $hash)) {
                echo 'Password is valid!';
                session_start();
                $_SESSION['logged'] = true;
                $_SESSION['name'] = $row['name'];
                $_SESSION['pass'] = $row['pass'];
            } else {
                echo 'Invalid password.';
            }  
        }
    } else {
        echo "User Not Found!";
    }

}
?>
<form action="index.php" method="post" target="_self" enctype="multipart/form-data">
<input type="text" placeholder="Username" size="40" name="Username" /><br />
<input type="text" placeholder="Password" size="40" name="Password" /><br />
<input type="submit" value="Register" name="RegUser" />
</form><br />
<form action="index.php" method="post" target="_self" enctype="multipart/form-data">
<input type="text" placeholder="Username" size="40" name="Username" /><br />
<input type="text" placeholder="Password" size="40" name="Password" /><br />
<input type="submit" value="Login" name="Login" />
</form>
<?php

if (isset($_SESSION)) {
    var_dump($_SESSION);
}

if (isset($_SESSION['logged']) && $_SESSION['logged'] == true) {
    echo "Hey ".$_SESSION['name'].", Welcome back!";
}

$DB = null;
4

1 回答 1

2

它对 SQL 注入是安全的(尽管您可以使用bindValueor缩短代码execute(array()))。

哈希看起来不错。

echo "Hey ".$_SESSION['name'].", Welcome back!";如果您正在回显 HTML,则允许 XSS。您应该使用htmlspecialchars($_SESSION['name']).

于 2013-07-22T14:00:14.400 回答