SQL Injection is injecting SQL through a GET or POST from a script into the SQL. For example:
member.php?id=6
The code for SQL may be

Code:
$id = $_GET['id'];
$row = mysql_query("select * from `members` where id=$id");

This would allow the attacker to execute a UNION SELECT statement. This would look like
member.php?id=' UNION SELECT concat(username,char(58),password) FROM members
A possible output would be
Affix:d8b9bb5e644429268d274cf03c6d6e06
All you would need to do is crack the hash
So how exactly do you stop this attack?
It's simple. There are many methods of protecting from SQL injection. I use 2. These are the ones I'm going to teach you.
If it's a simple numerical ID such as the example above, just add a value check. In the above code it would look like below.
Code:
$id = $_GET['id'];
if (!is_numeric($id)) {
    die("GTFO MY SERVER NOOB");
}
$row = mysql_query("select * from `members` where id=$id");

Now if I tried to execute my Union Statement I would get an error

GTFO MY SERVER NOOB
Now what if you are using a string such as a search? A Union would be used the same way.
This way I would use 'mysql_real_escape_string'.
This would look like

Code:
$id = mysql_real_escape_string($_GET['id']);

This string is now properly escaped and will not allow successful execution of SQL Injection.
--------
Any Questions E-Mail : Affix[@]FedoraProject.org
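The following is an added example, not code from the original post or from the tutorial's author. It replays the tutorial's member lookup in Python against an in-memory SQLite table (the table and its rows are constructed sample data) so the three approaches can be compared side by side: the string-built query, the post's value check (in the strict digits-only form that a reply below recommends via ctype_digit), and a parameterised query, which is the robust fix because the input is bound as data and cannot change the shape of the statement. Two caveats worth seeing in code: a loose numeric check like PHP's is_numeric() also accepts floats and exponents, so a digits-only check is the better gate for an integer ID; and mysql_real_escape_string only helps when the value sits inside quotes in the query, which `where id=$id` does not do. Note also that the payload string from the post, passed through the string-built query as written, produces a SQL syntax error rather than a result set; that error is itself the evidence that the request parameter was parsed as SQL.

```python
"""
Added example (not from the original post): the tutorial's member lookup
in Python/SQLite, showing the vulnerable query, the value check, and a
parameterised query side by side. All data below is constructed.
"""
import sqlite3

# The exact injection string shown in the post, used only to show that the
# defences reject or neutralise it.
PAYLOAD = "' UNION SELECT concat(username,char(58),password) FROM members"


def build_db():
    """Constructed sample table; the 'password' values are placeholders, not real hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (id INTEGER, username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO members VALUES (?, ?, ?)",
        [(6, "alice", "HASH_PLACEHOLDER_A"), (7, "bob", "HASH_PLACEHOLDER_B")],
    )
    return conn


def lookup_vulnerable(conn, raw_id):
    """Mirrors the post's first snippet: the request value is pasted into the SQL text."""
    sql = f"SELECT username FROM members WHERE id={raw_id}"
    try:
        return [row[0] for row in conn.execute(sql)]
    except sqlite3.OperationalError as exc:
        # Reaching here means the parameter was parsed as SQL, not treated as a value.
        return f"SQL ERROR: {exc}"


def looks_numeric(raw_id):
    """Loose check in the spirit of PHP's is_numeric(): accepts '6.0', '1e1', ' 6'."""
    try:
        float(raw_id)
        return True
    except ValueError:
        return False


def is_valid_id(raw_id):
    """Strict value check, like ctype_digit in PHP: one or more ASCII digits, nothing else."""
    return isinstance(raw_id, str) and raw_id.isascii() and raw_id.isdigit()


def lookup_checked(conn, raw_id):
    """The post's defence: refuse the request before any SQL is built."""
    if not is_valid_id(raw_id):
        return None  # the tutorial calls die() at this point
    return lookup_vulnerable(conn, raw_id)


def lookup_parameterised(conn, raw_id):
    """The value is bound as a parameter; the statement text never changes."""
    rows = conn.execute("SELECT username FROM members WHERE id=?", (raw_id,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = build_db()
    print("vulnerable, id=6      :", lookup_vulnerable(db, "6"))
    print("vulnerable, payload   :", lookup_vulnerable(db, PAYLOAD))
    print("checked, payload      :", lookup_checked(db, PAYLOAD))
    print("parameterised, payload:", lookup_parameterised(db, PAYLOAD))
    print("is_numeric-style '1e1':", looks_numeric("1e1"), "| digits-only:", is_valid_id("1e1"))
```

Running it shows the honest lookup returning alice for id 6, the string-built query failing with a syntax error on the payload, the value check returning None before any query is built, and the parameterised query returning an empty result because the whole payload is compared as a value that matches no id.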
I like the error message!
John has already written a SQL Injection tutorial: PHP: SQL Injections
This is just a basic one as you can see. It only shows the very basics, John's is an extensive version.
jQuery Selectors Tutorial - jQuery Striped Table tutorial - jQuery Events - jQuery Validation
Sorry if I don't post as often as I did, I'll try to get here as much as possible! I'm working my bum off to get this scholarship and other stuff!
Not bad, +rep.
It never hurts to see another example.
Is the function isnumeric() your own or a typo for is_numeric()? As a side note, checking for type isn't necessarily a way to protect against SQL injections; rather, it's a means to validate your data, and for table IDs I find it better to rely on ctype_digit.
Good info nonetheless.
Yeah, sorry about the typo. It was the first tutorial I ever wrote. I wrote this about 3-4 years ago.
That is a long time ago, why not improve it with your new knowledge?
I will when I finish writing my paper on SQL Injection.