04-15-2010, 05:20 AM   #1
gilang38
SQL Injection Attacks ?? Script Php


An SQL injection attack occurs when an attacker exploits a legitimate user input mechanism on your site to send SQL code that your unsuspecting script will pass on to the database to execute. The golden rule: escape all data from external sources before letting it near your database. That rule doesn’t just apply to INSERT and UPDATE queries, but also to SELECT queries.

No doubt many PHP developers have been saved from the worst SQL injection attacks by the limitations of MySQL, which will only allow a single SQL statement to be performed with each call to mysql_query. On other databases, the effect of an SQL injection can be disastrous, as an attacker can send a second query that, for example, deletes the entire contents of a table. With MySQL, however, problems can still occur, as the following code demonstrates:
<?php
// Vulnerable as posted: form input is concatenated straight into the SQL text.
$sql = "SELECT * FROM users
WHERE username='" . $_POST['username'] . "'
AND password='" . $_POST['password'] . "'";
echo 'Query: ' . $sql . '<br />';
$result = mysql_query($sql);
$rows = mysql_num_rows($result);
if ($rows > 0) {
    echo 'You are logged in!<br />';
} else {
    echo 'You are not allowed here!<br />';
}
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<input type="text" name="username" /><br />
<input type="text" name="password" /><br />
<input type="submit" />
</form>
A savvy attacker could simply enter the following in the form’s password field:

' OR username LIKE '%

Assuming magic quotes is disabled on your server, and you have no other measures in place to prevent it, this clever attack alters the meaning of the query:

SELECT * FROM users
WHERE username='' AND password='' OR username LIKE '%'

The modified query will select all records in the user table! When the script checks whether any users matched the supplied user name and password combination, it will see this big result set and grant access to the site!

This can be prevented if we escape the incoming variables:

$sql = "SELECT * FROM users
WHERE username='" . safeEscapeString($_POST['username']) . "'
AND password='" . safeEscapeString($_POST['password']) . "'";

In some cases, depending on the circumstances, this may not be necessary. But if you value your sleep, remember that golden rule: escape all data from external sources.

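The three query styles from the post side by side, as an added example that is not part of the original post: a Python script using an in-memory SQLite table (a stand-in for the MySQL users table) runs the quoted payload through the concatenated query, the escaped query the post recommends, and a parameterized query. The user rows and the escape helper are constructed for this example; the helper doubles single quotes (the SQLite/standard-SQL escape) rather than backslash-escaping as MySQL's mysql_real_escape_string does.

```python
import sqlite3

# Constructed sample rows standing in for the MySQL "users" table in the post.
USERS = [("alice", "s3cret"), ("bob", "hunter2"), ("carol", "letmein")]

# The input quoted in the post, typed into the password field.
PAYLOAD = "' OR username LIKE '%"

def make_db():
    """In-memory SQLite database holding the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn

def escape_string(value):
    """Constructed stand-in for the post's safeEscapeString(): doubles single
    quotes, the standard-SQL/SQLite escape (MySQL's function backslash-escapes)."""
    return value.replace("'", "''")

def login_concat(conn, username, password):
    """Mirrors the vulnerable PHP: input is pasted straight into the SQL text."""
    sql = ("SELECT * FROM users WHERE username='" + username
           + "' AND password='" + password + "'")
    return len(conn.execute(sql).fetchall())

def login_escaped(conn, username, password):
    """The post's fix: escape each value before concatenating it."""
    return login_concat(conn, escape_string(username), escape_string(password))

def login_param(conn, username, password):
    """Parameterized query: the driver never parses the input as SQL."""
    sql = "SELECT * FROM users WHERE username=? AND password=?"
    return len(conn.execute(sql, (username, password)).fetchall())

def matched_rows():
    """Row counts each query style returns for a real login and for the payload."""
    conn = make_db()
    return {
        "legit_concat": login_concat(conn, "alice", "s3cret"),
        "legit_escaped": login_escaped(conn, "alice", "s3cret"),
        "legit_param": login_param(conn, "alice", "s3cret"),
        "attack_concat": login_concat(conn, "", PAYLOAD),
        "attack_escaped": login_escaped(conn, "", PAYLOAD),
        "attack_param": login_param(conn, "", PAYLOAD),
    }
```

Calling matched_rows() shows the concatenated query matching every row for the payload while the escaped and parameterized queries match none, and all three matching exactly one row for a genuine login.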
04-15-2010, 12:22 PM   #2
trichnosis (Administrator, Istanbul)
Re: SQL Injection Attacks ?? Script Php

great tutorial about the sql injections and how to prevent them + rep
04-30-2010, 12:13 PM   #3
chris
Re: SQL Injection Attacks ?? Script Php

Good tutorial.

Although every major login script already escapes all unwanted characters from the form data. Just browse your favorite PHP script repository...

Btw... If you use MySQL, then PHP already has a native function that takes care of this: mysql_real_escape_string().
 
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
05-17-2010, 03:17 PM   #4
alexcarlson
Re: SQL Injection Attacks ?? Script Php

Really a nice tutorial. I enjoyed it.
 
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
05-28-2010, 10:44 AM   #5
alexcarlson
Re: SQL Injection Attacks ?? Script Php

Hello,
I do not have much knowledge on SQL. But I think the best work will be to take the help of an expert.
Thanks.
 
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
08-31-2010, 07:06 PM   #6
bratwurst99
Re: SQL Injection Attacks ?? Script Php

If you don't have much knowledge, maybe you should Google it :-)
 
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply

Thread Tools
Display Modes


Powered by vBulletin
Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.3.2 ©2009, Crawlability, Inc.