1. Introduction to the is_numeric function
Some domestic CMS programs use the is_numeric function. Let's first look at the function's signature.
bool is_numeric (mixed $var)
Returns TRUE if var is a number or a numeric string, otherwise returns FALSE.
2. Is the function safe?
Next, let's look at an example that shows whether this function is safe.
The code is as follows:
$s = is_numeric($_GET['s']) ? $_GET['s'] : 0;
$sql = "insert into test(type) values($s);"; // note: values($s), not values('$s')
mysql_query($sql);
The fragment above checks whether parameter s is numeric: if it is, the value is used as-is, otherwise it is replaced with 0, and the result is then passed into the database query. (The intent is that this prevents an attacker from constructing SQL statements.)
We convert the string '1 or 1' to its hexadecimal form 0x31206f722031 and pass it as the value of the s parameter. is_numeric accepts this hexadecimal string (on the PHP 5 releases these programs ran), and because the literal is not quoted, MySQL interprets 0x31206f722031 as the string '1 or 1' and stores that.
After running the program, we query the database, as shown in the figure below:
If this field is later read back from the table and concatenated into another SQL statement without filtering, a second-order injection results.
3. Summary
Try not to use this function. If you must use it, use standard SQL statements and enclose the value in single quotes in the condition, so that the hexadecimal string 0x31206f722031 is stored in the database literally and '1 or 1' never appears.
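As an added example (not part of the original page), the fragment above rewritten with strict integer validation and prepared statements, which is the fix the summary recommends; the mysqli connection $db and a table test(id, type) are assumed, and the sample inputs are constructed.

```php
<?php
// Added example, not the original page's code. Assumes a mysqli connection $db
// and a table test(id INT, type VARCHAR(64)).

// Vulnerable pattern from the page: is_numeric() accepts more than plain integers
// (hex strings such as "0x31206f722031" on PHP 5, exponents like "1e3", "12.5",
// leading whitespace), and the raw string is interpolated unquoted, so MySQL
// evaluates the literal itself and stores "1 or 1".
function build_insert_vulnerable(string $s): string {
    $s = is_numeric($s) ? $s : 0;
    return "insert into test(type) values($s);";
}

// Hardened: validate as an integer. filter_var() with FILTER_VALIDATE_INT rejects
// hex, exponents, decimals and whitespace, and returns null instead of silently 0.
function validate_int(string $s): ?int {
    $v = filter_var($s, FILTER_VALIDATE_INT);
    return $v === false ? null : $v;
}

// The value travels as a typed bound parameter, never as SQL text.
function insert_type_safe(mysqli $db, string $s): bool {
    $id = validate_int($s);
    if ($id === null) {
        return false;
    }
    $stmt = $db->prepare("INSERT INTO test(type) VALUES (?)");
    $stmt->bind_param('i', $id);
    return $stmt->execute();
}

// Second-order case from the page: any later query that reuses the stored value
// must also bind it, otherwise a stored "1 or 1" is injected on the read-back.
function select_by_type_safe(mysqli $db, string $stored): ?mysqli_result {
    $stmt = $db->prepare("SELECT id FROM test WHERE type = ?");
    $stmt->bind_param('s', $stored);
    return $stmt->execute() ? $stmt->get_result() : null;
}

// Constructed inputs showing what each check accepts (run as a script).
foreach (['42', '0x31206f722031', '1e3', '12.5', ' 7'] as $input) {
    printf("%-16s is_numeric=%-5s validate_int=%s\n",
        $input,
        is_numeric($input) ? 'true' : 'false',
        var_export(validate_int($input), true));
}
```

On PHP 7 and later is_numeric() already rejects the hex string, but the exponent, decimal and whitespace forms still pass it, so the typed validation and binding remain the actual fix.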