修改了参数化查询功能，防止sql注入攻击篡改数据，之前是只能保护数据机密性，不能保证完整性

2 days ago · 125bf5022b
parent 748a43da4d
commit 125bf5022b
5 changed files with 1372 additions and 12 deletions
--- a/TheBattleCar/.idea/.name
+++ b/TheBattleCar/.idea/.name
@ -0,0 +1 @@
+app.py
--- a/TheBattleCar/.idea/vcs.xml
+++ b/TheBattleCar/.idea/vcs.xml
@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="VcsDirectoryMappings">
+    <mapping directory="$PROJECT_DIR$/.." vcs="Git" />
+  </component>
+</project>
--- a/TheBattleCar/app.log
+++ b/TheBattleCar/app.log
--- a/TheBattleCar/app.py
+++ b/TheBattleCar/app.py
@ -165,6 +165,7 @@ def login():
        password = request.form['password']
        
        cursor = mysql.connection.cursor()
+        # 使用参数化查询检查用户是否存在
        cursor.execute("SELECT * FROM users WHERE username = %s AND password = %s", (username, password))
        user_data = cursor.fetchone()
        cursor.close()
@ -189,19 +190,30 @@ def login():
    return render_template('login.html')

 # 处理数据库语句
-def con_my_sql(sql_code):
+def con_my_sql(sql_code, params=None):
    try:
+        # 尝试连接数据库
        conn.ping(reconnect=True)
-        cursor= conn.cursor(pymysql.cursors.DictCursor)
+        # 创建游标对象，结果以字典形式返回
+        cursor = conn.cursor(pymysql.cursors.DictCursor)
+        # 如果传入了参数，使用参数化查询
+        if params:
+            cursor.execute(sql_code, params)
+        else:
            cursor.execute(sql_code)
+        # 提交事务
        conn.commit()
-        conn.close()
+        # 返回游标对象
        return cursor
    except pymysql.MySQLError as err_massage:
+        # 捕获异常，回滚事务
        conn.rollback()
+        # 关闭连接
        conn.close()
+        # 返回异常类型和异常信息
        return type(err_massage), err_massage
        
+        
 class RegisterForm(Form):
    captcha = StringField(validators=[Length(min=4,max=4,message='校验码格式错误')])
    username = StringField(validators=[Length(min=3,max=10,message='用户名长度必须在3到10个字符之间')])
@ -226,13 +238,16 @@ def register():
            # 静态注册码进行角色注册
            if captcha == "1111":
                role = "侦查者"
-            if captcha == "2222":
+            elif captcha == "2222":
                role = "指挥者"
-            if captcha == "3333":
+            elif captcha == "3333":
                role = "攻击者"
+            else:
+                return '无效的校验码 <a href="/">返回登录</a>'

-            code = "select * from users where username = '%s'" % username
-            cursor_ans = con_my_sql(code)
+            # 使用参数化查询检查用户是否存在
+            code = "SELECT * FROM users WHERE username = %s"
+            cursor_ans = con_my_sql(code, (username,))
            cursor_select = cursor_ans.fetchall()

            if len(cursor_select) > 0:
@ -240,8 +255,9 @@ def register():
            else:
                # 加密密码
                encrypted_password = encrypt_message(password)
-                code = "INSERT INTO users(username, password, role) VALUES('%s', '%s', '%s')" % (username, encrypted_password, role)
-                print(con_my_sql(code))
+                # 使用参数化查询插入新用户
+                code = "INSERT INTO users(username, password, role) VALUES(%s, %s, %s)"
+                con_my_sql(code, (username, encrypted_password, role))
                return '注册成功 <a href="/">返回登录</a>'
        else:
            print(form.errors)
--- a/TheBattleCar/secret.key
+++ b/TheBattleCar/secret.key
@ -1 +1 @@
-cykFDUsS45ugR2oQsP7rGPMkDQK6bXcTJ6HMBdHleuI=
+vnPkFMausWZGX3tSSFMlFJ1n-71Bzha67f_gK9TyklA=