What is SQL Injection

By: Emiley J. Printer Friendly Format

SQL Injection is a method in which an attacker inserts malicious code into queries that run on your database. Have a look at this example:

<?php

$query = "SELECT login_id FROM users WHERE user='$user' AND pwd='$pw'";

mysql_query($query);

Voilà! Anyone can log in as any user, using a query string like http://example.com/login.php?user=admin'%20OR%20(user='&pwd=')%20OR%20user=', which effectively calls the following statements:

<?php

$query = "SELECT login_id FROM users WHERE user='admin' OR (user = '' AND pwd='') OR user=''";

mysql_query($query);

It’s even simpler with the URL http://example.com/login.php?user=admin'%23, which executes the query SELECT login_id FROM users WHERE user='admin'#' AND pwd=''. Note that the # marks the beginning of a comment in SQL.

Again, it’s a simple attack. Fortunately, it’s also easy to prevent. You can sanitize the input using the addslashes() function that adds a slash before every single quote ('), double quote ("), backslash (\), and NUL (\0). Other functions are available to sanitize input, such as strip_tags().

Most Viewed Articles (in MySQL )

ERROR 1251: Client does not support authentication protocol requested by server; consider upgrading MySQL client

Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access them.

Table __________ is marked as crashed and should be repaired.

MySQL Strengths and Weaknesses

Querying the Database in MySQL

Deleting Data in MySQL

What is SQL Injection

Changing the Structure of an Existing Table in MySQL

Inserting Data into Tables in MySQL

Modifying data and using WHERE clause in MySQL

Latest Articles (in MySQL)