Like Us on Facebook

What is SQL Injection

Is SQL injection familiar with you?? If not then this post is for you. Many web developers are unknown that all the SQL Queries are not trusted command. Yes you read it right. Using SQL Injection can destroy your database easily.

Basically, lack of validation or code which connecting to the database who create user or superuser, attacker may easily create this user or superuser using SQL Injection.

So what is it??

SQL Injection UandBlog
 

What is SQL Injection

SQL Injection is a technique where a user or attacker input his SQL Command to the SQL Queries via web page form.

Injection usually occurs in a web page form. Such as a login form of an admin panel, there you need know username and password for login and instead of a username or password, a attacker gives SQL Command which is successfully run on your database.

How to prevent SQL injection in Registration and Login system in PHP MySQL
 
 

SQL Injection Example

Below quires one Is for normal user and another is for attacker trying to put SQL Injection on login form. You will also see the result, after execution of quires.

Normal User's

<?php        
        $name = "John";  // A normal user's name
        $query = "SELECT * FROM userdetails WHERE username = '$name'";
        echo "Normal User=: " . $query;
?>


Display Query for Normal User's 

Normal User: SELECT * FROM userdetails WHERE username = 'John'

Normal User's query is very simple query just like what we have learned. Query check “username=John” from userdetails table. And get details.


Attacker

<?php
        $attacker = "' OR 1'"; // input SQL Injection
        $query_for_attacker = "SELECT * FROM userdetails WHERE username = '$attacker'";
        echo "SQL Injection: " . $query_for_attacker;
?>


Display Query for Attacker 

SQL Injection: SELECT FROM userdetails WHERE username = " OR 1"

Attacker's input is ' OR 1' so this first single quote (') means attacker have ended the string of MySQL query which is username = ' ' and added with an OR clause of 1 which is always true.

So now username = ' ' OR 1

And this OR 1 is always true.for every query in the table. So attacker easily login into the adminpanel.
 

Attacker also give an input like 

<?php
        $attacker = "Smith OR 1=1"// input SQL Injection
        $query_for_attacker = "SELECT * FROM userdetails WHERE username = '$attacker'";
        echo "SQL Injection: " . $query_for_attacker;
?>


Display Query for Attacker 

SQL Injection: SELECT FROM userdetails WHERE username = 'Smith OR 1=1'

SQL Injection always true on 1=1

And also SQL Injection true on ""=""
 

Posted By UandBlog

UandBlog is a Global Leading source of Finance, Health, Lifestyle, Technology, Gaming and Programing and other information, it is a fastest growing blog for all , for latest post or information like us on facebook , follow on Twitter, Google+ and Pinterest.

Comments ( 1 )

Admin Nityainc:
nice article...
Admin:
thank you

    Leave a comment..

    Click to login.