SQL Injections (Escaping)
Posted: Thu Nov 12, 2009 3:01 pm
For my security class my teacher said I can choose what I learn and do everything on my own. I decided to start with MySQL injections. I started to set up a page to demonstrate one but have run into problems in making my code error.
This is part of my PHP code:
Code:
$mysql = "SELECT * From Users WHERE Email='$email' AND Password='$password';";
$result = mysql_query($mysql);
In the HTML form that gets the email (PHP gathers the value from the POST value) I enter <user' OR 1=1; -- > (without the brackets). I have tried a few different things but all end with it not escaping and the injection failing. Some people have asked about my php.ini file and magic quotes (on by default) and I even turned that off (then restarted Apache).
I expect that the injection should select user on the table and display the whole row ignoring if the password is correct or not.
Any help is greatly appreciated!
Thanks,
clR3vv
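An added example, not part of the original post: the concatenated query pattern from the post next to a prepared-statement version, so the difference in how the input is handled can be observed. It assumes PDO with the pdo_sqlite extension and an in-memory table instead of the post's MySQL setup; the function names and table contents are constructed for illustration.

```php
<?php
// Added example (not the poster's code). Assumes the pdo_sqlite extension.
// The rows below are constructed sample data; a real application would store
// password hashes (password_hash / password_verify), not plaintext.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE Users (Email TEXT, Password TEXT)");
$db->exec("INSERT INTO Users VALUES ('user', 'correct-horse'), ('admin', 'other-secret')");

// The post's pattern: input is pasted into the SQL text, so quote
// characters in $email become part of the statement itself.
function login_concat(PDO $db, string $email, string $password): array
{
    $sql = "SELECT * FROM Users WHERE Email='$email' AND Password='$password'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: the SQL text is fixed and the values are bound separately,
// so they are only ever compared as data, never parsed as SQL.
function login_prepared(PDO $db, string $email, string $password): array
{
    $stmt = $db->prepare(
        "SELECT * FROM Users WHERE Email = :email AND Password = :password"
    );
    $stmt->execute([':email' => $email, ':password' => $password]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$cases = [
    'valid login'         => ['user', 'correct-horse'],
    'wrong password'      => ['user', 'nope'],
    'input from the post' => ["user' OR 1=1; -- ", 'nope'],
];

foreach ($cases as $label => [$email, $password]) {
    try {
        $concat = count(login_concat($db, $email, $password)) . ' row(s)';
    } catch (PDOException $e) {
        // A malformed statement surfaces here instead of failing silently.
        $concat = 'SQL error: ' . $e->getMessage();
    }
    $prepared = count(login_prepared($db, $email, $password));
    printf("%-20s concatenated: %s | prepared: %d row(s)\n", $label, $concat, $prepared);
}
```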