SQL Injection

chinmay.sahoo (Topic starter)

« on: 12-30-2015, 03:56:05 »
SQL Injection is a method in which an attacker inserts malicious code into queries that run on your database. Have a look at this example:

$query = "SELECT login_id FROM users WHERE user='$user' AND pwd='$pwd'";

Voilà! Anyone can log in as any user, using a query string like http://example.com/login.php?user=admin'%20OR%20(user='&pwd=')%20OR%20user=', which effectively runs the following statement:

$query = "SELECT login_id FROM users WHERE
user='admin' OR (user = '' AND pwd='') OR user=''";

It’s even simpler with the URL http://example.com/login.php?user=admin'%23, which executes the query SELECT login_id FROM users WHERE user='admin'#' AND pwd=''. Note that the # marks the beginning of a comment in SQL.

Again, it’s a simple attack. Fortunately, it’s also easy to prevent. You can sanitize the input using the addslashes() function that adds a slash before every single quote ('), double quote ("), backslash (\), and NUL (\0). Other functions are available to sanitize input, such as strip_tags().
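
Added example, not part of the original post: the post's login query run against a constructed in-memory SQLite table through PDO, next to the same lookup written as a prepared statement (a different mitigation from the addslashes() call mentioned above). The function names, table contents and password value are assumptions made for the example, and it needs the pdo_sqlite extension.

```php
<?php
// Constructed sample data: one user in an in-memory SQLite database.
// The plaintext pwd column mirrors the post's schema for the demo only.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (login_id INTEGER PRIMARY KEY, user TEXT, pwd TEXT)");
$db->exec("INSERT INTO users (user, pwd) VALUES ('admin', 'constructed-password')");

// The post's query: request values are pasted straight into the SQL text,
// so a quote inside $user or $pwd ends the string literal and the rest of
// the value is parsed as SQL.
function login_concatenated(PDO $db, string $user, string $pwd)
{
    $query = "SELECT login_id FROM users WHERE user='$user' AND pwd='$pwd'";
    return $db->query($query)->fetchColumn(); // false when no row matches
}

// Hypothetical hardened version: the SQL text is fixed and the values are
// bound to placeholders, so they are only ever compared as data.
function login_prepared(PDO $db, string $user, string $pwd)
{
    $stmt = $db->prepare(
        "SELECT login_id FROM users WHERE user = :user AND pwd = :pwd"
    );
    $stmt->execute([':user' => $user, ':pwd' => $pwd]);
    return $stmt->fetchColumn(); // false when no row matches
}

// URL-decoded values from the first query string in the post.
$user = "admin' OR (user='";
$pwd  = "') OR user='";

// Same input through both versions, then a legitimate login for comparison.
var_dump(login_concatenated($db, $user, $pwd));
var_dump(login_prepared($db, $user, $pwd));
var_dump(login_prepared($db, 'admin', 'constructed-password'));
```

The #-comment URL from the post depends on the database's comment syntax, so this SQLite-based demo uses only the first payload.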

