访问地址
http://cms/frontend/web/index.php?r=admin/main&id=2%20or%201=1
代码如下
namespace frontend\controllers\admin;

use yii;
use yii\web\Controller;
use backend\models\Nav;

/**
 * Demo controller: passes the untrusted `id` GET parameter into a Yii
 * hash-format condition and prints what reaches the database.
 */
class MainController extends Controller
{
    /**
     * Dumps the raw GET parameters, the generated SQL, and the rows matched.
     *
     * The `['nav_id' => $value]` hash format emits a bound placeholder
     * (`:qp0`) rather than splicing the value into the SQL text, which is
     * why a value like `2 or 1=1` is never interpreted as SQL here. That
     * protection is a property of the array condition formats; a string
     * condition built by concatenation (`"nav_id = $value"`) would not be
     * parameterised. The dumps are debugging output for this demo only.
     */
    public function actionIndex()
    {
        $request = yii::$app->request;
        var_dump($request->get());

        // andWhere() binds the value; the SQL text only contains :qp0.
        $query = Nav::find()->andWhere([
            'nav_id' => $request->get('id'),
        ]);

        echo $query->createCommand()->getSql();
        echo "\n";

        $rows = $query->asArray()->all();
        var_dump($rows);
    }
}
结果返回
array(2) { ["r"]=> string(10) "admin/main" ["id"]=> string(8) "2 or 1=1" } SELECT * FROM `mxq_nav` WHERE `nav_id`=:qp0 array(1) { [0]=> array(12) { ["nav_id"]=> string(1) "2" ["nav_pid"]=> string(1) "0" ["nav_type"]=> string(1) "1" ["nav_icon"]=> string(8) "nav-user" ["nav_sort"]=> string(1) "0" ["homePage"]=> string(0) "" ["collapsed"]=> string(1) "0" ["closeable"]=> string(1) "0" ["id"]=> string(4) "user" ["text"]=> string(6) "用户" ["href"]=> NULL ["status"]=> string(1) "1" } }
可以看到 id 的值被绑定为参数 `:qp0`,并没有拼接进 SQL 文本;结果也只返回了 nav_id=2 的一行而不是全表,说明 `or 1=1` 没有被当作 SQL 执行——YII(哈希格式条件)自动进行了 SQL 防注入,所以这里是安全的
真棒真棒真棒真棒
访问地址
http://cms/frontend/web/index.php?r=admin/main&id=2%20or%201=1
代码如下
namespace frontend\controllers\admin;

use yii;
use yii\web\Controller;
use backend\models\Nav;

/**
 * Demo controller: passes the untrusted `id` GET parameter into a Yii
 * hash-format condition and prints what reaches the database.
 */
class MainController extends Controller
{
    /**
     * Dumps the raw GET parameters, the generated SQL, and the rows matched.
     *
     * The `['nav_id' => $value]` hash format emits a bound placeholder
     * (`:qp0`) rather than splicing the value into the SQL text, which is
     * why a value like `2 or 1=1` is never interpreted as SQL here. That
     * protection is a property of the array condition formats; a string
     * condition built by concatenation (`"nav_id = $value"`) would not be
     * parameterised. The dumps are debugging output for this demo only.
     */
    public function actionIndex()
    {
        $request = yii::$app->request;
        var_dump($request->get());

        // andWhere() binds the value; the SQL text only contains :qp0.
        $query = Nav::find()->andWhere([
            'nav_id' => $request->get('id'),
        ]);

        echo $query->createCommand()->getSql();
        echo "\n";

        $rows = $query->asArray()->all();
        var_dump($rows);
    }
}
结果返回
array(2) { ["r"]=> string(10) "admin/main" ["id"]=> string(8) "2 or 1=1" } SELECT * FROM `mxq_nav` WHERE `nav_id`=:qp0 array(1) { [0]=> array(12) { ["nav_id"]=> string(1) "2" ["nav_pid"]=> string(1) "0" ["nav_type"]=> string(1) "1" ["nav_icon"]=> string(8) "nav-user" ["nav_sort"]=> string(1) "0" ["homePage"]=> string(0) "" ["collapsed"]=> string(1) "0" ["closeable"]=> string(1) "0" ["id"]=> string(4) "user" ["text"]=> string(6) "用户" ["href"]=> NULL ["status"]=> string(1) "1" } }
可以看到 id 的值被绑定为参数 `:qp0`,并没有拼接进 SQL 文本;结果也只返回了 nav_id=2 的一行而不是全表,说明 `or 1=1` 没有被当作 SQL 执行——YII(哈希格式条件)自动进行了 SQL 防注入,所以这里是安全的