Basic Protection from SQL Injection

Status
Not open for further replies.

Baljeet

Member
Jan 31, 2011
76
0
SQL injection is injecting SQL, through a GET or POST from a script, into the SQL query. For example:

member.php?id=6

The code for the SQL may be:

Code:
$id = $_GET['id'];
$row = mysql_query("select * from `members` where id=$id");

This would allow the attacker to execute a UNION SELECT statement. This would look like:

member.php?id=' UNION SELECT concat(username,char(58),password) FROM members

A possible output would be:

Affix:d8b9bb5e644429268d274cf03c6d6e06

All you would need to do is crack the hash.

So how exactly do you stop this attack?

It's simple. There are many methods of protecting from SQL injection. I use 2. These are the ones I'm going to teach you.

If it's a simple numerical ID such as the example above, just add a value check. In the above code it would look like below.

Code:
$id = $_GET['id'];
if(!is_numeric($id)) { die("GTFO MY SERVER NOOB"); }
$row = mysql_query("select * from `members` where id=$id");

Now if I tried to execute my UNION statement I would get an error:

GTFO MY SERVER NOOB

Now what if you are using a string, such as a search? A UNION would be used the same way.

In this case I would use 'mysql_real_escape_string'.

This would look like:

Code:
$id = mysql_real_escape_string($_GET['id']);

This string is now properly escaped and will not allow successful execution of SQL injection.

--------

Any Questions E-Mail : Affix[@]FedoraProject.org

All credit goes to the one who really made this...
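An added example, not code from the tutorial above or from any poster in the thread, that puts both protections the tutorial describes into one hardened lookup. It uses the mysqli extension because the `mysql_*` functions the tutorial relies on were removed in PHP 7. The id is validated with `filter_var(FILTER_VALIDATE_INT)`, which is stricter than `is_numeric()` (that function also accepts values such as `1e3`, `+1.5` and leading whitespace), and is then bound as a prepared-statement parameter instead of being interpolated, so the query text cannot change whatever the input is. One caveat the tutorial leaves implicit: escaping with `mysql_real_escape_string` only protects a value that sits inside quotes in the query, and in `where id=$id` there are no quotes, which is why the numeric check is the right tool for that case. The lookup also returns null for an id that is well-formed but not present in the table (the situation raised later in the thread), so the caller can answer "not found" in the same way for both malformed and missing ids. Table and column names, host, database name and credentials are placeholders.

```php
<?php
// Added example (not the forum post's code): the tutorial's vulnerable lookup
// beside a hardened version. Host, database, table and credentials below are
// placeholders, not values from the thread.

declare(strict_types=1);

// The tutorial's vulnerable pattern, kept only for comparison: whatever
// arrives in ?id= is pasted straight into the statement text.
function lookup_member_vulnerable(mysqli $db, string $rawId): ?array
{
    $result = $db->query("SELECT * FROM `members` WHERE id=$rawId");
    return $result ? ($result->fetch_assoc() ?: null) : null;
}

// Step 1 of the hardened version: accept only a positive integer.
// is_numeric() would also accept "1e3", "+1.5" and " 7", which a primary
// key never needs; FILTER_VALIDATE_INT rejects all of those.
function parse_member_id(string $rawId): ?int
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Step 2: even with a validated integer, bind the value instead of
// interpolating it. The SQL text is fixed; the parameter travels separately.
function lookup_member(mysqli $db, string $rawId): ?array
{
    $id = parse_member_id($rawId);
    if ($id === null) {
        return null;            // malformed id: treated exactly like "not found"
    }
    $stmt = $db->prepare('SELECT id, username FROM `members` WHERE id = ?');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;        // null when the id is valid but absent
}

// The tutorial's second case, a string search: the user's text is bound as a
// parameter too, and LIKE wildcards are escaped so a typed "%" or "_" matches
// literally instead of widening the search.
function search_members(mysqli $db, string $term): array
{
    $pattern = '%' . addcslashes($term, '%_\\') . '%';
    $stmt = $db->prepare('SELECT id, username FROM `members` WHERE username LIKE ?');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    $stmt->bind_param('s', $pattern);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

// Usage with placeholder connection details.
$db = new mysqli('localhost', 'app_user', 'PLACEHOLDER_PASSWORD', 'forum_db');
$db->set_charset('utf8mb4');    // binding and escaping both assume the right charset

$member = lookup_member($db, $_GET['id'] ?? '');
if ($member === null) {
    http_response_code(404);
    echo 'No such member';      // same answer for malformed and missing ids
} else {
    // Output encoding is a separate concern from SQL injection, but the value
    // came from the database and is going into HTML, so it is escaped here.
    echo htmlspecialchars($member['username'], ENT_QUOTES, 'UTF-8');
}
```

With the bound parameter the tutorial's UNION payload is simply an invalid integer and never reaches the database; an id such as 100 that passes validation but matches no row produces the same 404, which is the behaviour the later reply in the thread asks for without a per-row comparison loop.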
 

StrongFaith

New Member
Jul 11, 2010
48
0
PHP:
<?php
$id = mysql_real_escape_string($_GET['id']);
if(!is_numeric($id)) {
    echo "bla";
}
?>
has NOTHING to do with checking if the id is valid. Actually, this is the right code:
PHP:
<?php
$id = $_GET['id'];
$query = mysql_query("SELECT * FROM members");
while($watever = mysql_fetch_array($query)) {
    if($id !== $watever['id']) {
        echo "blablabla";
    }
}
?>
 

Kryptos

prjRev.com
Jul 21, 2010
2,205
1,252
StrongFaith, are you that stupid? This is to check if the ID is numeric, to prevent executing the UNION statement.

Anyways, excellent tutorial and very well explained. Thanks for this.
 

StrongFaith

New Member
Jul 11, 2010
48
0
Bro, I'm not stupid. For example, if you put ?id=100 and it doesn't exist, it will give no error. With my source, if the id doesn't exist it gives an error; it also gives an error if the id is not numeric.
 