Creating a website to test SQL injection
Moderator: General Moderators
Creating a website to test SQL injection
well, I'm desepreatly trying to create a website so I can try the use of SQL injection.
I used MySql server 5.1 to create a database named website and it has a table of members. I've added some random members with their name, password, email, etc. What I want to do now is create with PHP a SIMPLE website with its login and password. What I don't know is how can I connect to my sql I just did. Do I have to export my database to a .sql file? I don't have any host to upload the files, can I try it in my own PC? How? How would mysql_connect() be?
I used MySql server 5.1 to create a database named website and it has a table of members. I've added some random members with their name, password, email, etc. What I want to do now is create with PHP a SIMPLE website with its login and password. What I don't know is how can I connect to my sql I just did. Do I have to export my database to a .sql file? I don't have any host to upload the files, can I try it in my own PC? How? How would mysql_connect() be?
Re: Creating a website to test SQL injection
wow, where to start.
You're simply asking how to use mysql commands in php.
You're confused as to what "sql injection" means. SQL Injection is bad. It means someone can inject something that you don't want to be added to your database.well, I'm desepreatly trying to create a website so I can try the use of SQL injection.
You're simply asking how to use mysql commands in php.
I used MySql server 5.1 to create a database named website and it has a table of members. I've added some random members with their name, password, email, etc. What I want to do now is create with PHP a SIMPLE website with its login and password. What I don't know is how can I connect to my sql I just did.
no.Do I have to export my database to a .sql file?
If you don't have a host to upload the files, then you did NOT "used MySql server 5.1 to create a database..." MySQL servers are on hosts. If you installed mysql on your computer..... you skipped a few steps. You forgot to install the actual web server part, which comes first. If you're really new at this, get rid of what you installed completely and start over with wamp.I don't have any host to upload the files,
mysql_connect()How? How would mysql_connect() be?
Code: Select all
mysql_connect(host, username, password);
//example usage:
mysql_connect('localhost','somename','blahdeblah');
mysql_select_db('your_database');
mysql_query("INSERT INTO `table_name` VALUES('1','abc','def');");
$res = mysql_query("SELECT * FROM `table_name` WHERE `row_name` > 4 LIMIT 2;");
while ($row = mysql_fetch_assoc($res)) {
print_r($row);
}
mysql_close();Re: Creating a website to test SQL injection
Well.. yeah I'm a complete noob. Thanks for answering. I want to do what this guy does in this tutorial:
http://blogs.iis.net/nazim/archive/2008 ... -demo.aspx
But if it's possible, not in AJAX, but in PHP.
But I'm too retarded to follow him because there are some things i really have no idea.
So the database i created with MySql using MySQL command line client is useless?
I know SQL injection is bad, a way to hack, etc. But I'm doing a research for school of sql injection.
So what do you think I should do?
http://blogs.iis.net/nazim/archive/2008 ... -demo.aspx
But if it's possible, not in AJAX, but in PHP.
But I'm too retarded to follow him because there are some things i really have no idea.
So the database i created with MySql using MySQL command line client is useless?
I know SQL injection is bad, a way to hack, etc. But I'm doing a research for school of sql injection.
So what do you think I should do?
Re: Creating a website to test SQL injection
No, you're database is not useless.
Just look up an online tutorial about php and mysql functions. Like this
Just look up an online tutorial about php and mysql functions. Like this
Re: Creating a website to test SQL injection
It is if he has no server software or php installed. The way I understand him is that he has nothing by the MySQL server installed. If that's the case, then it is completely useless as it does nothing by itself.jackpf wrote:No, you're database is not useless.
If you haven't worked at all with php and/or mysql, then let me be clear that there is a big learning gap here. I've worked with php for ~5 years and I'm still learning new things. Learning how to properly store and retrieve data from mysql from scratch is a project. The first step in that project is either to purchase hosting or create your own server. The easiest way to create your own server is using wamp, linked above.
Re: Creating a website to test SQL injection
All this guy is doing is showing you what NOT to do. Your first step is to buy "mysql and php for dummies" It will help you get set up and teach you the basics. Then you can go from there to hacking your own database with SQLi attacks.marcg11 wrote:I want to do what this guy does in this tutorial:
http://blogs.iis.net/nazim/archive/2008 ... -demo.aspx
But I'm too retarded to follow him because there are some things i really have no idea.
So what do you think I should do?
marcg11 might actually be asking us how to use php for sqli on others, but just doesn't know what to ask...
Re: Creating a website to test SQL injection
Oh, I completely misunderstood then lol.Skara wrote:It is if he has no server software or php installed. The way I understand him is that he has nothing by the MySQL server installed. If that's the case, then it is completely useless as it does nothing by itself.jackpf wrote:No, you're database is not useless.
If you haven't worked at all with php and/or mysql, then let me be clear that there is a big learning gap here. I've worked with php for ~5 years and I'm still learning new things. Learning how to properly store and retrieve data from mysql from scratch is a project. The first step in that project is either to purchase hosting or create your own server. The easiest way to create your own server is using wamp, linked above.
Re: Creating a website to test SQL injection
So with Wamp, will I be able to do what the sql injection demo says?
Re: Creating a website to test SQL injection
No, that tutorial is for ASP.NET.
Re: Creating a website to test SQL injection
I've looked through the internet and I found some examples of a simple login demonstration using PHP and MySQL, for example:
http://www.thedemosite.co.uk/demo-code.zip
But I don't know how to set it up. The readme says I have to change config.php, to connect to the database. But how can I create (well i know how to create with MySQL a database) one and upload it to a server?
I have more examples of demo logins, but I don't know what am I supose to do, how to connect PHP and SQL.
Thanks in advance.
http://www.thedemosite.co.uk/demo-code.zip
But I don't know how to set it up. The readme says I have to change config.php, to connect to the database. But how can I create (well i know how to create with MySQL a database) one and upload it to a server?
I have more examples of demo logins, but I don't know what am I supose to do, how to connect PHP and SQL.
Thanks in advance.
Last edited by marcg11 on Thu Jul 16, 2009 4:37 pm, edited 1 time in total.
Re: Creating a website to test SQL injection
This might be a better tutorial. Worked for me.
Re: Creating a website to test SQL injection
jackpf wrote:This might be a better tutorial. Worked for me.
Thanks, I'll have it a look.
-
DaiLaughing
- Forum Commoner
- Posts: 76
- Joined: Thu Jul 16, 2009 8:03 am
Re: Creating a website to test SQL injection
Tizag is excellent but I think it moves to fast for many so have created my own attempt and taken a total noob to creating half-decent sites. It's not there to compete but to get people started so they can move on to Tizag after. Give it a look if you find Tizag too heavy.
Re: Creating a website to test SQL injection
I thought tizag was pretty well paced tbh.
But yeah, nice site.
But yeah, nice site.
Re: Creating a website to test SQL injection
I downloaded WampServer2 but when I open it it gives me an error:
"The application has failed to start because php5.dll wasnot found. Re-installing the app may solve..."
I 've re-installed but nothing.
EDIT: I've overwrite the binary PHP 5.3 files to the bin/php folder in wamp and no error. But know the php errors don't show up, wierd thing.
"The application has failed to start because php5.dll wasnot found. Re-installing the app may solve..."
I 've re-installed but nothing.
EDIT: I've overwrite the binary PHP 5.3 files to the bin/php folder in wamp and no error. But know the php errors don't show up, wierd thing.