如何修复linux中的mysql注入

chinauren

linux 安装的是红帽5，mysql是mysql-server-5.0.22-2.1.i386.rpm，x-scan扫描出有注入漏洞
描述为


这个脚本会试图在CGI脚本上使用SQL注入技术

___________________________________________________________________


The following URLs seem to be vulnerable to various SQL injection
techniques :

/logincheck.php?UNAME='UNION'
/logincheck.php?UNAME='
/logincheck.php?UNAME='%22
/logincheck.php?UNAME='bad_bad_value
/logincheck.php?UNAME=bad_bad_value'
/logincheck.php?UNAME='WHERE
/logincheck.php?UNAME='OR
/logincheck.php?UNAME=' or 1=1--
/logincheck.php?UNAME=' or 'a'='a
/logincheck.php?UNAME=') or ('a'='a



An attacker may exploit this flaws to bypass authentication
or to take the control of the remote database.


Solution : Modify the relevant CGIs so that they properly escape arguments
Risk factor : High
See also : http://www.securiteam.com/securityreviews/5DP0N1P76E.html
NESSUS_ID : 11139

feillex

这是php代码的问题，修改logincheck.php

kafka0102

mysqli_real_escape_string下存储的字段

taluyi

不太懂，不过应该不是mysql的问题

chinauren

如何修改logincheck.php,希望指教

chenyx

过滤用户输入.