SQL Injection

chinmay.sahoo (Topic starter)
« on: 12-30-2015, 03:56:05 »
SQL Injection is a method in which an attacker inserts malicious code into queries that run on your database. Have a look at this example:

Quote
<?php
$query = "SELECT login_id FROM users WHERE user='$user' AND pwd='$pw'";
mysql_query($query);
?>

Voilà! Anyone can log in as any user, using a query string like http://example.com/login.php?user=admin'%20OR%20(user='&pwd=')%20OR%20user=', which effectively calls the following statements:

Quote
<?php
$query = "SELECT login_id FROM users WHERE
user='admin' OR (user = '' AND pwd='') OR user=''";
mysql_query($query);
?>

It’s even simpler with the URL http://example.com/login.php?user=admin'%23, which executes the query SELECT login_id FROM users WHERE user='admin'#' AND pwd=''. Note that the # marks the beginning of a comment in SQL.

Again, it’s a simple attack. Fortunately, it’s also easy to prevent. You can sanitize the input using the addslashes() function that adds a slash before every single quote ('), double quote ("), backslash (\), and NUL (\0). Other functions are available to sanitize input, such as strip_tags().
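
The login query above, rebuilt as an added example (not part of the original post): the concatenated form next to a PDO prepared statement, which binds the values so they are never parsed as SQL. It runs against a constructed in-memory SQLite table so it works offline; the table contents and function names are assumptions, and because SQLite does not treat # as a comment, only the decoded values from the first URL are used.

```php
<?php
// Added example. Constructed in-memory table mirroring the post's
// users(login_id, user, pwd); the rows and passwords are made up.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (login_id INTEGER PRIMARY KEY, user TEXT, pwd TEXT)");
$db->exec("INSERT INTO users (user, pwd) VALUES
           ('admin', 'constructed-secret'), ('bob', 'constructed-pw')");

// 'Before' form: the query string is built by concatenation, as in the post,
// so quotes inside $user or $pw change the structure of the WHERE clause.
function login_concat(PDO $db, string $user, string $pw): array
{
    $query = "SELECT login_id FROM users WHERE user='$user' AND pwd='$pw'";
    return $db->query($query)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: the SQL text is fixed and the values are bound as
// parameters, so they are only ever compared as data.
function login_prepared(PDO $db, string $user, string $pw): array
{
    $stmt = $db->prepare(
        "SELECT login_id FROM users WHERE user = :user AND pwd = :pw"
    );
    $stmt->execute([':user' => $user, ':pw' => $pw]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// URL-decoded user and pwd values from the first URL in the post.
$user = "admin' OR (user='";
$pw   = "') OR user='";

echo "concatenated, crafted input: ",
     json_encode(login_concat($db, $user, $pw)), "\n";
echo "prepared, crafted input:     ",
     json_encode(login_prepared($db, $user, $pw)), "\n";
echo "prepared, valid credentials: ",
     json_encode(login_prepared($db, 'admin', 'constructed-secret')), "\n";
echo "prepared, wrong password:    ",
     json_encode(login_prepared($db, 'admin', 'wrong')), "\n";
```

The table keeps the plaintext pwd column only to match the post's query; a real login table would store a hash created with password_hash() and check it with password_verify().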


 
