Sql injection

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
roriekas
Forum Newbie
Posts: 3
Joined: Thu Feb 18, 2010 10:42 pm

Sql injection

Post by roriekas »

hi all
I come from Indonesia, I'm sorry if I'm not english fluent
I was new in php

I want to ask, what this information can inject?

//login form
<div id="loginform">
<form method= "post" action="cheklogin.php" name="form1">
<label for="username"> Username:</label>
<input type="text" name="myusername" id="username" />
<label for="password"> Password:</label>
<input type="password" name="mypassword" id="password" />
<input type="submit" name="submit" value="login" />
</form>


//cheklogin.php
<?
$host = "localhost";
$username= "root";
$password= "";
$db_name = "mydb";
$tbl_name ="admin";
mysql_connect ($host, $username, $password) or ("can't connect");
mysql_select_db ($db_name) or die (mysql_error());
$myusername= $_POST['myusername'];
$password= $_POST['mypassword'];
$sql = "select * from $tbl_name where username='$myusername' and password='$mypassword' ";
$result = mysql_query ($sql);
$count = mysql_num_rows ($result);
if ($count==1) {
session_register("myusername");
session_register("mypassword");
header ("location:login_success.php");
}
else {
echo "wrong password";
}
?>


inject how to prevent?
and how to inject login above?

please help me, I was confused when someone break my website
I want to know how he broke my website
pbs
Forum Contributor
Posts: 230
Joined: Fri Nov 07, 2008 5:31 am
Location: Nashik, India
Contact:

Re: Sql injection

Post by pbs »

Yes SQL injection is possible in your code, to avoid this use sprintf().

Refer : http://in.php.net/manual/en/function.sprintf.php
roriekas
Forum Newbie
Posts: 3
Joined: Thu Feb 18, 2010 10:42 pm

Re: Sql injection

Post by roriekas »

how he did inject it?
assuming he has the source code of my web.
I have tried to inject my website, but still failed. :banghead:
User avatar
timWebUK
Forum Contributor
Posts: 239
Joined: Thu Oct 29, 2009 6:48 am
Location: UK

Re: Sql injection

Post by timWebUK »

You need to use mysql_real_escape_string() on your POST values:

http://php.net/manual/en/function.mysql ... string.php


For example:

Code: Select all

$username = mysql_real_escape_string($_POST['username']);
He doesn't need the source code, trial and error with different injections. He could have typed:

password' OR '1=1

As the password or username, or similar, because you do not escape any input before you send the query.

Your code doesn't seem to validate ANY input from the user at all.
roriekas
Forum Newbie
Posts: 3
Joined: Thu Feb 18, 2010 10:42 pm

Re: Sql injection

Post by roriekas »

whether the vesi php 5 can inject information
sorry if my reply many questions

thanks for all the air to help ..
echelon2010
Forum Newbie
Posts: 8
Joined: Thu Mar 04, 2010 2:56 pm

Re: Sql injection

Post by echelon2010 »

I suggest you to upgrade to latest sql version which will minimize the sql injection and also stop sql bypass
Post Reply