YComputer/php

sqlite3: view a table's definition (string literals should use single quotes; SQLite accepts double-quoted strings only as a legacy fallback when no matching identifier exists):

```sql
SELECT * FROM sqlite_master WHERE type='table' AND name='emperors';
```

users table:

```sql
CREATE TABLE users(
  userid integer primary key autoincrement,
  name   varchar(512) not null,
  email  varchar(512) not null,
  pwd    varchar(512) not null,
  role   integer not null
);
INSERT INTO users (name, email, pwd, role) VALUES ('admin', 'admin@admin.com', 'pwd', 0);
INSERT INTO users (name, email, pwd, role) VALUES ('normal', 'normal@normal.com', 'pwd', 1);
```

orders table: pid is a '-'-separated list and so is qty. pid '123-456' with qty '1-2' means products 123 and 456 were bought, 1 and 2 units respectively. status is the order state: 0 unpaid, 1 paid.

```sql
CREATE TABLE orders(
  orderid integer primary key autoincrement,
  pid     varchar(512) not null,
  qty     varchar(512) not null,
  userid  integer not null,
  hash    varchar(512) not null,
  status  integer not null
);
INSERT INTO orders (pid, qty, userid, hash, status) VALUES ('1-2', '1-1', 1, 'product hash', 1);
```

SQL injection: always-true / always-false probes (appended to a single-quoted string parameter; if the two "and" probes return different results the input is reaching the query unescaped):

```sql
'and'1'='2
'and'1'='1
' or '1'='1
```

Login logic:

```php
// Vulnerable: user input is interpolated straight into the SQL string.
$sql = "SELECT * FROM users WHERE name='{$_POST['name']}' AND pwd='{$_POST['pwd']}'";

// Injected input
$_POST['name'] = 'john';
$_POST['pwd']  = "' OR ''='";

// SQL that actually runs. AND binds tighter than OR, so this reads
// (name='john' AND pwd='') OR (''=''), and the second branch is true for every row:
// SELECT * FROM users WHERE name='john' AND pwd='' OR ''=''
```

Fixes: mysqli_real_escape_string (the old mysql_real_escape_string is gone since PHP 7), PDO::quote, or, preferably, prepared statements / parameterized queries (parameterized SQL statements). See https://stackoverflow.com/questions/5857386/how-to-avoid-sql-injection-in-codeigniter
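The following is an added example and not code from the YComputer/php repository: it runs the login query from the notes against the README's own users table in an in-memory SQLite database, once built by string interpolation and once as a PDO prepared statement, with the always-true payload from the notes. The function names (makeDb, loginVulnerable, loginSafe) are assumptions for this illustration.

```php
<?php
// Added example (not the repository's code). Demonstrates the login injection from
// the notes against the README's users schema, then the parameterized fix.

function makeDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Schema and seed rows copied from the README.
    $db->exec("CREATE TABLE users(userid integer primary key autoincrement,
               name varchar(512) not null, email varchar(512) not null,
               pwd varchar(512) not null, role integer not null)");
    $db->exec("INSERT INTO users (name, email, pwd, role) VALUES ('admin', 'admin@admin.com', 'pwd', 0)");
    $db->exec("INSERT INTO users (name, email, pwd, role) VALUES ('normal', 'normal@normal.com', 'pwd', 1)");
    return $db;
}

// Vulnerable: the same query the notes show, built by interpolating raw request data.
function loginVulnerable(PDO $db, string $name, string $pwd): array {
    $sql = "SELECT * FROM users WHERE name='{$name}' AND pwd='{$pwd}'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Fixed: named placeholders. The values travel separately from the SQL text, so a
// quote in the input is data and can never change the structure of the query.
function loginSafe(PDO $db, string $name, string $pwd): array {
    $stmt = $db->prepare('SELECT * FROM users WHERE name = :name AND pwd = :pwd');
    $stmt->execute([':name' => $name, ':pwd' => $pwd]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = makeDb();
$payload = "' OR ''='";   // the always-true payload from the notes (constructed input)

$rows = loginVulnerable($db, 'john', $payload);
printf("interpolated query, unknown user 'john' + payload: %d row(s)\n", count($rows));
foreach ($rows as $r) {
    printf("  matched user: %s (role %d)\n", $r['name'], $r['role']);
}

$rows = loginSafe($db, 'john', $payload);
printf("prepared statement, same input: %d row(s)\n", count($rows));

$rows = loginSafe($db, 'admin', 'pwd');
printf("prepared statement, valid credentials: %d row(s)\n", count($rows));
```

With the interpolated query the payload turns the WHERE clause into `name='john' AND pwd='' OR ''=''`, and because `''=''` holds for every row the result set contains both seeded users, admin (role 0) included, so any caller that treats "at least one row" as a successful login is bypassed. The prepared statement compares the literal string `' OR ''='` against the pwd column and matches nothing. Note that the schema stores pwd in clear text; parameterization fixes the injection but not that.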

CodeIgniter Input class (https://codeigniter.com/user_guide/libraries/input.html): to return all POST items and pass them through the XSS filter, set the first parameter to NULL and the second parameter to boolean TRUE. Input-side filtering is a safety net only; the output still has to be escaped for the context it is written into.

Output must be escaped properly and consistently for the context it is inserted into (HTML body, attribute, JavaScript, URL). Keywords: context-dependent, context-aware, context-sensitive, auto-escape. See https://security.googleblog.com/2009/03/reducing-xss-by-way-of-automatic.html
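An added example of what "context-dependent" means in practice; this is not code from the YComputer/php repository or from CodeIgniter, and the helper names (escHtml, escJs, escUrlParam, safeHref) are assumptions for this illustration. One untrusted value is written into four output contexts, each with its own encoder, and the last two lines show that applying the HTML encoder to an href leaves a javascript: URL fully intact.

```php
<?php
// Added example (not the repository's code). Context-aware output escaping in plain PHP.

// HTML text and quoted attribute values: entity-encode < > & " '
function escHtml(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// JavaScript string literal: emit a JSON string with < > & ' " hex-escaped, so neither
// a quote nor a </script> sequence inside the data can terminate the literal or the tag.
function escJs(string $s): string {
    return json_encode($s, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
}

// URL query parameter inside an attribute: percent-encode first, then entity-encode
// because the result is still written into an HTML attribute.
function escUrlParam(string $s): string {
    return escHtml(rawurlencode($s));
}

// Whole href attribute: entity encoding does nothing to "javascript:alert(1)", so the
// scheme must be validated rather than escaped. Accept http(s) or a site-relative path
// only (the (?!/) rejects protocol-relative //evil.example links), then entity-encode.
function safeHref(string $url): string {
    if (preg_match('#^(https?://|/(?!/))#i', $url) !== 1) {
        return '#';
    }
    return escHtml($url);
}

$name = '"><script>alert(1)</script>';   // constructed attacker input
$link = 'javascript:alert(1)';           // constructed attacker input

echo '<p>Hello, ' . escHtml($name) . "</p>\n";
echo '<input name="user" value="' . escHtml($name) . "\">\n";
echo '<script>var user = ' . escJs($name) . ";</script>\n";
echo '<a href="/search?q=' . escUrlParam($name) . "\">search</a>\n";

// Context mismatch: the HTML encoder returns $link unchanged (it contains no < > & " ')
// and the link still executes script when clicked.
echo '<a href="' . escHtml($link) . "\">wrong encoder for this context</a>\n";
echo '<a href="' . safeHref($link) . "\">scheme validated</a>\n";
```

The design point is that there is no single "sanitize" function: the encoder is chosen by where the value lands, and an auto-escaping template engine is the way to get that choice made consistently rather than by hand at every echo.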

Note: change the hard-coded file storage path in application/controllers/Upload.php.

XSS and SQL injection warning
