Creating a website to test SQL injection


jackpf
DevNet Resident
Posts: 2119
Joined: Sun Feb 15, 2009 7:22 pm
Location: Ipswich, UK

Re: Creating a website to test SQL injection

Post by jackpf »

What, so it's fixed now?
marcg11
Forum Newbie
Posts: 10
Joined: Sun Jul 12, 2009 12:14 pm

Re: Creating a website to test SQL injection

Post by marcg11 »

At least I don't get the php5.dll error.

But I'm not getting the typical error message when I try to connect with mysql_connect and the parameters are wrong. And obviously it's not connecting.

Seems like it doesn't show the errors or something.
jackpf
DevNet Resident
Posts: 2119
Joined: Sun Feb 15, 2009 7:22 pm
Location: Ipswich, UK

Re: Creating a website to test SQL injection

Post by jackpf »

Have you got errors turned on in php.ini?
marcg11
Forum Newbie
Posts: 10
Joined: Sun Jul 12, 2009 12:14 pm

Re: Creating a website to test SQL injection

Post by marcg11 »

jackpf wrote: Have you got errors turned on in php.ini?
That's php.ini, didn't touch anything yet, the default ones.

Code:

 
; allow_call_time_pass_reference
;   Default Value: On
;   Development Value: Off
;   Production Value: Off
 
; display_errors
;   Default Value: On
;   Development Value: On
;   Production Value: Off
 
; display_startup_errors
;   Default Value: Off
;   Development Value: On
;   Production Value: Off
 
; error_reporting
;   Default Value: E_ALL & ~E_NOTICE
;   Development Value: E_ALL | E_STRICT
;   Production Value: E_ALL & ~E_DEPRECATED
 
; html_errors
;   Default Value: On
;   Development Value: On
;   Production value: Off
 
; log_errors
;   Default Value: Off
;   Development Value: On
;   Production Value: On
 
; magic_quotes_gpc
;   Default Value: On
;   Development Value: Off
;   Production Value: Off
 
; max_input_time
;   Default Value: -1 (Unlimited)
;   Development Value: 60 (60 seconds)
;   Production Value: 60 (60 seconds)
 
; output_buffering
;   Default Value: Off
;   Development Value: 4096
;   Production Value: 4096
 
; register_argc_argv
;   Default Value: On
;   Development Value: Off
;   Production Value: Off
 
; register_long_arrays
;   Default Value: On
;   Development Value: Off
;   Production Value: Off
 
; request_order
;   Default Value: None
;   Development Value: "GP"
;   Production Value: "GP"
 
; session.bug_compat_42
;   Default Value: On
;   Development Value: On
;   Production Value: Off
 
; session.bug_compat_warn
;   Default Value: On
;   Development Value: On
;   Production Value: Off
 
; session.gc_divisor
;   Default Value: 100
;   Development Value: 1000
;   Production Value: 1000
 
; session.hash_bits_per_character
;   Default Value: 4
;   Development Value: 5
;   Production Value: 5
 
; short_open_tag
;   Default Value: On
;   Development Value: Off
;   Production Value: Off
 
; track_errors
;   Default Value: Off
;   Development Value: On
;   Production Value: Off
 
; url_rewriter.tags
;   Default Value: "a=href,area=href,frame=src,form=,fieldset="
;   Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry"
;   Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry"
 
; variables_order
;   Default Value: "EGPCS"
;   Development Value: "GPCS"
;   Production Value: "GPCS"
Last edited by Benjamin on Sat Jul 18, 2009 11:35 pm, edited 1 time in total.
Reason: Added [code] tags.
jackpf
DevNet Resident
Posts: 2119
Joined: Sun Feb 15, 2009 7:22 pm
Location: Ipswich, UK

Re: Creating a website to test SQL injection

Post by jackpf »

Do a search for display_errors and remove any semicolons preceding any values, and make sure everything is set to "on".
marcg11
Forum Newbie
Posts: 10
Joined: Sun Jul 12, 2009 12:14 pm

Re: Creating a website to test SQL injection

Post by marcg11 »

No results... with this.

Code:

 
; The following are all the settings which are different in either the production
; or development versions of the INIs with respect to PHP's default behavior.
; Please see the actual settings later in the document for more details as to why
; we recommend these changes in PHP's behavior.
 
; allow_call_time_pass_reference
;   Default Value: On
;   Development Value: Off
;   Production Value: Off
 
   display_errors
   Default Value: On
   Development Value: On
   Production Value: on
 
   display_startup_errors
   Default Value: on
   Development Value: On
   Production Value: on
 
; error_reporting
;   Default Value: E_ALL & ~E_NOTICE
;   Development Value: E_ALL | E_STRICT
;   Production Value: E_ALL & ~E_DEPRECATED
 
   html_errors
   Default Value: On
   Development Value: On
   Production value: on
 
   log_errors
   Default Value: on
   Development Value: On
   Production Value: On
 
; magic_quotes_gpc
;   Default Value: On
;   Development Value: Off
;   Production Value: Off
 
; max_input_time
;   Default Value: -1 (Unlimited)
;   Development Value: 60 (60 seconds)
;   Production Value: 60 (60 seconds)
 
; output_buffering
;   Default Value: Off
;   Development Value: 4096
;   Production Value: 4096
 
; register_argc_argv
;   Default Value: On
;   Development Value: Off
;   Production Value: Off
 
; register_long_arrays
;   Default Value: On
;   Development Value: Off
;   Production Value: Off
 
; request_order
;   Default Value: None
;   Development Value: "GP"
;   Production Value: "GP"
 
; session.bug_compat_42
;   Default Value: On
;   Development Value: On
;   Production Value: Off
 
; session.bug_compat_warn
;   Default Value: On
;   Development Value: On
;   Production Value: Off
 
; session.gc_divisor
;   Default Value: 100
;   Development Value: 1000
;   Production Value: 1000
 
; session.hash_bits_per_character
;   Default Value: 4
;   Development Value: 5
;   Production Value: 5
 
; short_open_tag
;   Default Value: On
;   Development Value: Off
;   Production Value: Off
 
   track_errors
   Default Value: on
   Development Value: On
   Production Value: on
 
; url_rewriter.tags
;   Default Value: "a=href,area=href,frame=src,form=,fieldset="
;   Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry"
;   Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry"
 
; variables_order
;   Default Value: "EGPCS"
;   Development Value: "GPCS"
;   Production Value: "GPCS"
 
I know it has to display the error because if I upload the .php in a free host, the error shows up.
Last edited by Benjamin on Sat Jul 18, 2009 11:35 pm, edited 1 time in total.
Reason: Added [code] tags.
jackpf
DevNet Resident
Posts: 2119
Joined: Sun Feb 15, 2009 7:22 pm
Location: Ipswich, UK

Re: Creating a website to test SQL injection

Post by jackpf »

That doesn't look like a php.ini file.
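
As an added example (not code posted in this thread), the PHP sketch below scans php.ini text for lines that actually assign the error-display directives and flags uncommented lines that are not `name = value` assignments, as in the excerpt above. `scanIni`, `$sample` and `$wanted` are hypothetical names, and the sample text is constructed from the quoted excerpts plus two assignment lines.

```php
<?php
// Added example: find which error-display directives a php.ini text really assigns.
function scanIni(string $ini, array $wanted): array
{
    $set = [];
    $stray = [];
    foreach (preg_split('/\R/', $ini) as $i => $line) {
        $t = trim($line);
        if ($t === '' || $t[0] === ';' || $t[0] === '[') {
            continue; // blank line, comment, or [section] header
        }
        // A directive has the form "name = value"; text after ';' is a comment.
        if (preg_match('/^([\w.]+)\s*=\s*([^;]*)/', $t, $m)) {
            if (in_array($m[1], $wanted, true)) {
                $set[$m[1]] = trim($m[2], " \t\""); // keep the last assignment seen
            }
            continue;
        }
        $stray[$i + 1] = $t; // uncommented, but not a "name = value" assignment
    }
    return ['set' => $set, 'stray' => $stray];
}

// Constructed sample: quick-reference lines as quoted in the thread (some with the
// leading ';' removed), followed by two assignment lines added for illustration.
$sample = <<<'INI'
; display_errors
;   Default Value: On
   display_startup_errors
   Default Value: on
   Development Value: On
[PHP]
error_reporting = E_ALL
display_errors = On
INI;

$wanted = ['display_errors', 'display_startup_errors', 'error_reporting', 'log_errors'];
$result = scanIni($sample, $wanted);

foreach ($wanted as $name) {
    // "sample" is what the text above assigns; "runtime" is what this PHP process uses.
    printf("%-24s sample: %-10s runtime: %s\n", $name,
        $result['set'][$name] ?? '(not set)', var_export(ini_get($name), true));
}
foreach ($result['stray'] as $no => $text) {
    printf("line %d is not a name = value assignment: %s\n", $no, $text);
}
// The file the running process loaded may differ from the one that was edited.
printf("Loaded php.ini: %s\n", php_ini_loaded_file() ?: '(none)');
```

Run it under the same SAPI that serves the test site, since the command-line binary and the web server can load different php.ini files.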
marcg11
Forum Newbie
Posts: 10
Joined: Sun Jul 12, 2009 12:14 pm

Re: Creating a website to test SQL injection

Post by marcg11 »

Well, it is.
DaiLaughing
Forum Commoner
Posts: 76
Joined: Thu Jul 16, 2009 8:03 am

Re: Creating a website to test SQL injection

Post by DaiLaughing »

jackpf wrote: I thought tizag was pretty well paced tbh.

But yeah, nice site.
Tizag is good if you have a head start but for many in these forums and elsewhere they need the real basics for a while before getting into the good stuff. The trouble is so much depends on so much else and knowing where to start and where to go next is often a problem. Thanks for the comment.
jackpf
DevNet Resident
Posts: 2119
Joined: Sun Feb 15, 2009 7:22 pm
Location: Ipswich, UK

Re: Creating a website to test SQL injection

Post by jackpf »

Ahh...I'd had a bit of experience with programming before I started learning PHP so I guess I had a head start.

Yeah...after I'd gone through the tizag tutorials it was pretty much a case of learning stuff from forums like this, and reading through other people's code...like PHPBB's and SMF's.