What is SQL Injection

By: Emiley J. in MySQL Tutorials on 2008-11-23  

SQL Injection is a technique in which an attacker inserts SQL of their own into the queries that run on your database, by supplying input that the application pastes into a query string unchanged. Have a look at this example:

<?php
// Login handler: user and pwd come straight from the request and are
// concatenated into the SQL text without any escaping or parameter binding.
$user = $_GET['user'];
$pw   = $_GET['pwd'];

$query = "SELECT login_id FROM users WHERE user='$user' AND pwd='$pw'";
mysql_query($query);
?>

Voilà! Anyone can log in as any user with a query string like http://example.com/login.php?user=admin'%20OR%20(user='&pwd=')%20OR%20user=', which makes the script send the following statement to the database:

<?php
// What the database actually receives: the attacker's quotes close the
// user literal early, and the OR clauses make the password check irrelevant.
$query = "SELECT login_id FROM users WHERE user='admin' OR (user = '' AND pwd='') OR user=''";
mysql_query($query);
?>

It's even simpler with the URL http://example.com/login.php?user=admin'%23, which executes the query SELECT login_id FROM users WHERE user='admin'#' AND pwd=''. Note that in MySQL the # character marks the beginning of a comment that runs to the end of the line, so everything after it, including the password check, is discarded.

Again, it's a simple attack. Fortunately, it's also easy to prevent. You can sanitize the input using the addslashes() function, which puts a backslash before every single quote ('), double quote ("), backslash (\), and NUL byte (\0). Other functions are available to sanitize input, such as strip_tags().
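As an added example that is not part of the original article, the script below runs the article's concatenated query next to its parameterized replacement against an in-memory SQLite database, using the same decoded input the article's first URL produces. The table, the single admin row and its password are constructed for the demonstration. Prepared statements are the standard defence today: the driver sends the values separately from the SQL text, so they can never be parsed as SQL, whereas escaping with addslashes() depends on every interpolated value being quoted and on the connection character set (the original mysql_* extension was removed in PHP 7 in favour of mysqli and PDO).

```php
<?php
// Added example, not from the original article. Uses PDO with SQLite so it
// runs offline; the schema and the admin row below are constructed test data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (login_id INTEGER PRIMARY KEY, user TEXT, pwd TEXT)");
$db->exec("INSERT INTO users (user, pwd) VALUES ('admin', 's3cret')");

// The decoded values of the article's query string:
//   login.php?user=admin'%20OR%20(user='&pwd=')%20OR%20user='
$user = "admin' OR (user='";
$pw   = "') OR user='";

// 1. Vulnerable: the article's pattern, input concatenated into the SQL text.
//    The quotes in $user and $pw become part of the statement's syntax.
$query = "SELECT login_id FROM users WHERE user='$user' AND pwd='$pw'";
$concatenated = $db->query($query)->fetchAll(PDO::FETCH_ASSOC);
echo "concatenated query: " . count($concatenated) . " row(s) matched\n";

// 2. Hardened: a prepared statement with named placeholders. The same two
//    strings are bound as data, so the database looks for a user literally
//    named "admin' OR (user='" and finds nothing.
$stmt = $db->prepare("SELECT login_id FROM users WHERE user = :user AND pwd = :pwd");
$stmt->execute([':user' => $user, ':pwd' => $pw]);
$prepared = $stmt->fetchAll(PDO::FETCH_ASSOC);
echo "prepared statement: " . count($prepared) . " row(s) matched\n";
```

Run it with the PHP CLI (php example.php; the pdo_sqlite extension must be enabled). The concatenated query returns the admin row even though no valid password was supplied, because the injected OR user='admin' clause is true on its own; the prepared statement returns no rows. The article's second payload (admin'#) is MySQL-specific, since SQLite uses -- rather than # for comments, which is why the first payload is used here.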
