LAMP is a commonly used web development combination: Linux, Apache, MySQL and PHP. Because PHP was designed for web development, the language is very simple and anyone can learn it easily. Combining it with MySQL allows you to build very powerful websites.
There is one dangerous mistake that some people make: passing values from the user directly to the database. How could it be so dangerous? I’ll show you an example.
Let’s say you have a login form and a line like this in the action page.
$result=mysql_query("SELECT * FROM users WHERE username='".$_POST['username']."' AND pwd='".$_POST['password']."'");
Normally, the script will add the values from the user into the SQL query, so it will be something like:
SELECT * FROM users WHERE username='sandaruwan' AND pwd='secret'
There is nothing wrong with it. But let’s say that instead of typing my username, I type something like:
sandaruwan'#
What would happen? The script will insert this value into the query, so it will be something like:
SELECT * FROM users WHERE username='sandaruwan'#' AND pwd='secret'
In MySQL, the # symbol comments out the rest of the line. In that case, the final query is effectively:
SELECT * FROM users WHERE username='sandaruwan'
So no matter what the password is, the script will allow you to log in. Very simple, but effective.
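The login check above rewritten with a bound parameter, next to the article's concatenated query (an added example, not code from the original post). It assumes PDO with an in-memory SQLite database standing in for MySQL, a constructed users table, and a password stored as a hash instead of plain text; the function names are hypothetical.

```php
<?php
// Added example: constructed schema and data. SQLite in memory stands in
// for MySQL so the script runs without a database server (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pwd TEXT NOT NULL)');
$ins = $pdo->prepare('INSERT INTO users (username, pwd) VALUES (?, ?)');
$ins->execute(['sandaruwan', password_hash('secret', PASSWORD_DEFAULT)]);

// The article's pattern: user input is pasted into the SQL text, so a quote
// in the input changes the structure of the statement.
function vulnerable_query(string $username, string $password): string
{
    return "SELECT * FROM users WHERE username='" . $username
         . "' AND pwd='" . $password . "'";
}

// Hardened form: the SQL text is fixed and the username travels as a bound
// parameter, so it is only ever compared as data. The password is checked
// against the stored hash in PHP and never appears in the query.
function login(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT pwd FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();   // false when no row matches
    return $hash !== false && password_verify($password, $hash);
}

$input = "sandaruwan'#";   // the value typed into the username field above

// Shows the statement the concatenating script would send to the database.
echo vulnerable_query($input, 'anything'), "\n";

// With binding, the same input is just an unknown username, and a wrong
// password for a real user is rejected as well.
var_dump(login($pdo, $input, 'anything'));
var_dump(login($pdo, 'sandaruwan', 'anything'));
var_dump(login($pdo, 'sandaruwan', 'secret'));
```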
#1 by Backspace on March 1st, 2006
I hear that they have “patched” the SQL injection “bug” in most systems. I tried it out on a couple of mail servers I know and none of it worked. Would a more complex query solve the problem? Or have they introduced some sort of an intermediate error-checking script??
Thanks for the info.
#2 by Sandaruwan Gunathilake on March 1st, 2006
Basically, getting rid of SQL Injection is damn easy. For example, in PHP it is just calling the addslashes function. So, almost every form is protected against SQL Injection. You have to find out a vulnerable form to do that.
#3 by Dave on March 3rd, 2006
Hi
Can you tell us anything about PHP mail injection attacks? More particularly, how to stop them!
Thanks
Dave
#4 by Cakrabirawa on May 30th, 2006
Good day!
Uhm, thanks for the information. But why don’t you tell us more injection strings?
Thanks
http://come.to/digitalworks
#5 by DevOne on June 21st, 2006
Nice article, but too short if you ask me. Maybe you should try expanding it with further examples and so.
#6 by Tony on December 29th, 2006
Hi,
I think all SQL injection tricks have been patched. I tried out most, but they didn’t work out. So, look on to new and keep publishing.
#7 by ketan on January 12th, 2007
I have made a login page. How would I avoid SQL injection? I am using MS-SQL and I have created a web application using ASP.NET.
#8 by cyberhacker665 on February 21st, 2007
Thanks, I am a noob at PHP still and I want to start my own CMS, so this will help.