What is SQL Injection
Are you familiar with SQL injection? If not, this post is for you. Many web developers do not realise that the SQL queries their code builds cannot be trusted blindly. Yes, you read that right: SQL injection can destroy your database with ease.
When the code that talks to the database does not validate its input, an attacker can inject SQL to do whatever that code is allowed to do, for example creating a new user or even a superuser.
So what is it?

What is SQL Injection
SQL Injection is a technique where a user or attacker supplies SQL commands through a web form so that they become part of the SQL query the application runs. Injection usually occurs through a web page form, such as the login form of an admin panel: instead of a real username or password, the attacker enters an SQL fragment, and it runs successfully against your database.
SQL Injection Example
Below are two queries. The first is for a normal user; the second shows an attacker trying to inject SQL through the login form. You will also see the resulting query after execution.
Normal User's
<?php
$name = "John"; // A normal user's name
$query = "SELECT * FROM userdetails WHERE username = '$name'";
echo "Normal User: " . $query;
?>
Displayed Query for Normal User
Normal User: SELECT * FROM userdetails WHERE username = 'John'
The normal user's query is the simple form we have all learned: it checks username = 'John' against the userdetails table and fetches the matching details.
Attacker
<?php
$attacker = "' OR 1'"; // input SQL Injection
$query_for_attacker = "SELECT * FROM userdetails WHERE username = '$attacker'";
echo "SQL Injection: " . $query_for_attacker;
?>
Displayed Query for Attacker
SQL Injection: SELECT * FROM userdetails WHERE username = '' OR 1''
The attacker's input is ' OR 1'. The first single quote (') closes the string literal of the MySQL query, leaving username = '', and the rest appends an OR clause with the condition 1, which is always true.
So now the condition reads username = '' OR 1.
Because OR 1 is true for every row in the table, the attacker can log in to the admin panel without knowing a valid username.
An attacker may also give an input like:
<?php
$attacker = "Smith OR 1=1"; // input SQL Injection
$query_for_attacker = "SELECT * FROM userdetails WHERE username = '$attacker'";
echo "SQL Injection: " . $query_for_attacker;
?>
Displayed Query for Attacker
SQL Injection: SELECT * FROM userdetails WHERE username = 'Smith OR 1=1'
An injected condition such as 1=1 is always true.
A condition such as ""="" is also always true for SQL injection.
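The following is an added example, not code from the original post. It re-creates the post's userdetails lookup in Python with an in-memory SQLite table (constructed sample data) to show both halves of the lesson: splicing input into the query text lets a quote-closing input such as the ""="" case above match every row, while a bound parameter (the equivalent of PDO prepare/execute in PHP MySQL) treats the same input as a plain, non-matching username.

```python
import sqlite3


def make_db():
    # Constructed in-memory stand-in for the post's "userdetails" table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE userdetails (username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO userdetails VALUES (?, ?)",
        [("John", "user"), ("Smith", "user"), ("admin", "superuser")],
    )
    return conn


def lookup_vulnerable(conn, name):
    # Mirrors the post's PHP: the raw input is spliced into the SQL text,
    # so a quote in the input changes the structure of the statement.
    query = f"SELECT username FROM userdetails WHERE username = '{name}'"
    return [row[0] for row in conn.execute(query)]


def lookup_safe(conn, name):
    # Bound parameter: the value travels separately from the SQL text, so
    # quotes or keywords in the input can only ever be compared as data.
    query = "SELECT username FROM userdetails WHERE username = ?"
    return [row[0] for row in conn.execute(query, (name,))]


def demo():
    conn = make_db()
    # Closes the quoted string and appends ''='' (the post's ""="" case),
    # giving: ... WHERE username = '' OR ''=''
    payload = "' OR ''='"
    return {
        "normal": lookup_vulnerable(conn, "John"),        # ['John']
        "vulnerable": lookup_vulnerable(conn, payload),   # every row
        "safe": lookup_safe(conn, payload),               # [] (no such user)
        # Without a quote to close the literal, OR 1=1 stays inside the
        # string and is compared as a username, so nothing matches.
        "inside_quotes": lookup_vulnerable(conn, "Smith OR 1=1"),  # []
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```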

Comments ( 1 )

Admin Nityainc:
nice article...

Admin:
thank you