1
2 3 HTML Injection - Stored (Blog)
4 5 php echo(
$_SERVER["SCRIPT_NAME"]);?>" method="POST">
60 # |
61 Owner |
62 Date |
63 Entry |
// 上面是html,下面开始是PHP源码
67 php
68
69 // Selects all the records
70
// $entry_all is 1 when the form posted an "entry_all" field and 0 otherwise;
// only the presence of the field is checked, never its value.
71 $entry_all = isset($_POST["entry_all"]) ? 1 : 0;
72
// 0 == false holds under loose comparison, so this branch runs when
// "entry_all" was not posted: only the current user's entries are selected.
73 if($entry_all == false)
74 {
75
// The owner value is concatenated into the statement text instead of being
// bound as a parameter, so the query is only as safe as whatever validated the
// login name before it was placed in the session. A prepared statement with a
// bound parameter would remove that dependency.
// NOTE(review): \' is not an escape sequence inside a double-quoted PHP string,
// so as printed the backslashes would end up in the SQL text. This looks like
// an artifact of how the listing was published; confirm against the original file.
76 $sql = "SELECT * FROM blog WHERE owner = \'" . $_SESSION["login"] . "\'";
77
78 }
79
80 else
81 {
82
// With "entry_all" posted, rows of every owner are selected; no further check
// on the requester is visible in this listing.
83 $sql = "SELECT * FROM blog";
84
85 }
86
// $link is not defined in the visible lines; presumably it is the mysqli
// connection opened by an include earlier in the file (verify).
87 $recordset = $link->query($sql);
88
// Error path: taken when query() returned a falsy value.
89 if(!$recordset)
90 {
91
// The active die() below prints $link->error into the response, which discloses
// database error text to the client. Outside a training application the detail
// would normally go to a server-side log and the page would show a generic message.
// NOTE(review): the markup around die() and the opening PHP tag before it were
// lost when the listing was published, and the gutter skips from 98 to 103.
92 // die("Error: " . $link->connect_error . "
");
93
94 ?>
95
96
97 die("Error: " . $link->error);?> |
98
103
104
105
106 php
107
108 }
109
// Renders one table row per blog record. The row markup itself was stripped
// from the listing; only the inline echo statements survive.
110 while($row = $recordset->fetch_object())
111 {
112
// The choice between encoded and raw output is driven by a cookie, i.e. by a
// value the client supplies with each request. A real application would keep
// this kind of setting server-side (session or configuration).
113 if($_COOKIE["security_level"] == "1" or $_COOKIE["security_level"] == "2")
114 {
115
// Levels 1 and 2: only the entry column passes through xss_check_3() (defined
// elsewhere; presumably an HTML-encoding helper - verify). id, owner and date
// are echoed without encoding in this branch as well.
116 ?>
117
118
119 echo $row->id; ?> |
120 echo $row->owner; ?> |
121 echo $row->date; ?> |
122 echo xss_check_3($row->entry); ?> |
123
124
125
126 php
127
128 }
129
// Every other case lands here, including an absent or unrecognised cookie, so
// the unencoded path is the default (fail-open).
130 else
131 {
132
// The stored entry is written into the page exactly as it was saved. This is
// the stored HTML injection sink the page demonstrates; the defence is
// context-appropriate output encoding, e.g.
// htmlspecialchars($row->entry, ENT_QUOTES, "UTF-8").
133 ?>
134
135
136 echo $row->id; ?> |
137 echo $row->owner; ?> |
138 echo $row->date; ?> |
139 echo $row->entry; ?> |
140
141
142
143 php
144
145 }
146
147 }
148
// Release the result set, then the database connection.
149 $recordset->close();
150
151 $link->close();
152
153 ?>
154
// htmli(): prepares a submitted blog entry before it is stored.
// In every branch of the switch below the only active transformation is
// sqli_check_3(), which escapes the value for an SQL string literal. Both
// xss_check_* calls are commented out, so HTML markup in $data is stored
// unchanged at all levels; any protection against stored HTML injection
// therefore has to come from encoding when the entry is displayed.
// NOTE(review): the listing stops after the switch; the return statement and
// the closing brace of the function are not shown.
155 156 1 function htmli($data)
2 {
3
// $link is not assigned in this function; presumably connect_i.php defines it (verify).
4 include("connect_i.php"); // connect to the database
5
// The level comes from a client-supplied cookie. Since all four branches do the
// same thing, the cookie does not change what gets stored.
6 switch($_COOKIE["security_level"]) // the security level is read from a cookie
7 {
8
9 case "0" :
10
11 $data = sqli_check_3($link, $data);
12 break;
13
14 case "1" :
15
16 $data = sqli_check_3($link, $data);
17 // $data = xss_check_4($data);
18 break;
19
20 case "2" :
21
22 $data = sqli_check_3($link, $data);
23 // $data = xss_check_3($data);
24 break;
25
26 default :
27
28 $data = sqli_check_3($link, $data);
29 break;
30
31 }
/**
 * Escapes a value for use inside a quoted SQL string literal.
 *
 * Thin wrapper around mysqli_real_escape_string(). The escaping targets the
 * SQL string context only: HTML metacharacters such as < and > pass through
 * unchanged, so a value returned here still needs output encoding before it
 * is written into a page.
 *
 * @param mysqli $link Open connection; its character set governs the escaping.
 * @param string $data Value to escape.
 *
 * @return string The escaped value.
 */
function sqli_check_3($link, $data)
{
    $escaped = mysqli_real_escape_string($link, $data);

    return $escaped;
}