For my security class, my teacher said I can choose what I learn and do everything on my own. I decided to start with MySQL injections. I started to set up a page to demonstrate one but have run into problems in making my code error.
This is part of my PHP code:
$mysql = "SELECT * From Users WHERE Email='$email' AND Password='$password';";
$result = mysql_query($mysql);
In the HTML form that gets the email (PHP gathers the value from the POST value) I enter <user' OR 1=1; -- > (without the brackets). I have tried a few different things but all end with it not escaping and the injection failing. Some people have asked about my php.ini file and magic quotes (on by default) and I even turned that off (then restarted Apache).
I expect that the injection should select user on the table and display the whole row ignoring if the password is correct or not.
Any help is greatly appreciated!
Thanks,
clR3vv
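An added example, not part of the original post: it prints the exact SQL text the concatenated query from the post produces for a given input, next to the same lookup done with bound parameters. The in-memory SQLite database reached through PDO, the table rows, and the function names `build_concatenated_query` and `find_user` are assumptions made so the example runs offline.

```php
<?php
// Added example, not the poster's code. Assumptions: PDO with an in-memory
// SQLite database stands in for MySQL; table rows and inputs are constructed.
// Passwords are plaintext only to mirror the schema implied by the post.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE Users (Email TEXT, Password TEXT)");
$pdo->exec("INSERT INTO Users VALUES ('alice@example.test', 'pw-alice'),
                                     ('bob@example.test', 'pw-bob')");

// "Before": the query text from the post, built by string concatenation.
// Returned as a string so the SQL that would be sent can be inspected.
function build_concatenated_query(string $email, string $password): string
{
    return "SELECT * From Users WHERE Email='$email' AND Password='$password';";
}

// "After": the same lookup, but the values are bound as parameters and
// never become part of the SQL text, so quotes in them stay data.
function find_user(PDO $pdo, string $email, string $password): array
{
    $stmt = $pdo->prepare(
        'SELECT * FROM Users WHERE Email = :email AND Password = :password'
    );
    $stmt->execute([':email' => $email, ':password' => $password]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$inputs = [
    ['alice@example.test', 'pw-alice'],  // constructed: a valid login
    ["user' OR 1=1; -- ", 'anything'],   // the input quoted in the post
];
foreach ($inputs as [$email, $password]) {
    echo "SQL text built by concatenation:\n  ",
         build_concatenated_query($email, $password), "\n";
    echo "Rows matched by the prepared statement: ",
         count(find_user($pdo, $email, $password)), "\n\n";
}
```

Printing the built string is also the quickest way to see whether something upstream (such as magic quotes) has altered the input before it reaches the query.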