Hi ,
What is SQL injuction ??
What is SQL injuction ??
-
-
Hi,
the correct word is: 'injection'
check this resource:
http://en.wikipedia.or g/wiki/SQL_injection
Svet -
Since this is a pure SQL question I have moved it to the MySQL forum.
moderator
See also the complete article by Chris Shiflett at Security Corner: SQL InjectionOriginally posted by chris shiflett
Ronald :cool:Comment
-
To boil it down to it's simplest terms it is when a user puts in input that contains SQL (i.e. puts password "pass' OR 1=1") in hopes that when this is combined with a sql statement like:Originally posted by ronverdonk
This could result in the sql beingCode:$sql = 'SELECT count(*) FROM users WHERE name = $name AND password = $pass';
Now if the user and pass don't match you SHOULD get 0 rows, but since there was sql injection you'll now always get all of the rows and possibly gain access to a site you shouldn't.Code:SELECT (*) FROM users WHERE name = 'brando' AND password = '' OR 1=1
Comment
-
Just to add to b1randon's post:
Imagine what happens if you prompt for a userid to get that particular user's row deleted! And someone specifies, when prompted for the userid: '123 OR 1=1'
The resulting MySQL statement would then be:
effectively deleting all the rows in the table.Code:DELETE FROM table WHERE userid=123 OR 1=1;
Ronald :cool:Comment
-
Ohhh very evil Ron! I like it >:)Originally posted by ronverdonkComment
-
Just see what you could do with financial software, like updating a bank account!
Ronald :cool:Comment
-
seeing as were talking about sql injection there's a problem i've been having. someone is accessing one of my sites just to mess around and cause trouble and i've added the add slashes command but he is now using hex values to bypass that. but i don't know exactly how that works so if someone know how hex sql injection works could you tell me so i can learn how to prevent it.
example here is the hex for 1'or'1'='1
thanks allCode:%31%27%6f%72%27%31%27%3d%27%31
Comment
-
Since I do not know what your input data is and what data type, I must guess.Originally posted by tolkienarda
Most important is to know what your data is. If you do an operation on a numeric field, just test if the field is numeric before you use it. And then check the maximum value. Or force it to be numeric with the type cast like [php]$uid=int ($uid);[/php]. A cast forces PHP to perform a type conversion. If the input is not entirely numeric, only the leading numeric portion is used. If it starts with alpha or is all-alpha the conversion results in 0. So this is very effective with numeric fields.
If you use a char field, enclose it in single quotes and escape it.
Ronald :cool:Comment
-
Is there such an expression as "SQL injunction"?
I was asked about this via PM recently, but told the person to post the question in a forum. That may or may not have been the souirce of this thread.Comment
-
No, this thread's title was indeed 'What is SQL injunction'. I changed that title to the current one to avoid confusion.Originally posted by Killer42
Ronald :cool:Comment
-
Ah! I see the source of the problem now. I still have the PM, and on re-reading, it actually says "How to protect the PHP code from SQL Injuction attacks". :)Originally posted by ronverdonk
I read this as a mis-typed injunction.Comment
-
What is one character more or less among friends?
Ronald :cool:Comment
-
Hi Sandip,Originally posted by gsandip
Following link will give you basic information of injection in mysql...
http://www.tizag.com/mysqlTutorial/mysql-php-sql-injection.phpComment
-
Thanks kalpit and welcome to The Scripts!. That is a very useful tutorial.Originally posted by kalpit
Ronald :cool:Comment
Comment