
Sql injection

Posted: Thu Feb 18, 2010 11:04 pm
by roriekas
Hi all,
I come from Indonesia. I'm sorry if I'm not fluent in English.
I am new to PHP.

I want to ask: how can this code be injected?

//login form
<div id="loginform">
<form method="post" action="cheklogin.php" name="form1">
<label for="username">Username:</label>
<input type="text" name="myusername" id="username" />
<label for="password">Password:</label>
<input type="password" name="mypassword" id="password" />
<input type="submit" name="submit" value="login" />
</form>
</div>


//cheklogin.php
<?php
// database connection settings
$host = "localhost";
$username = "root";
$password = "";
$db_name = "mydb";
$tbl_name = "admin";
mysql_connect($host, $username, $password) or die("can't connect");
mysql_select_db($db_name) or die(mysql_error());
// raw form values, with no escaping or validation
$myusername = $_POST['myusername'];
$mypassword = $_POST['mypassword'];
// the form values are placed directly inside the SQL string
$sql = "select * from $tbl_name where username='$myusername' and password='$mypassword' ";
$result = mysql_query($sql);
$count = mysql_num_rows($result);
// exactly one matching row counts as a successful login
if ($count == 1) {
    session_register("myusername");
    session_register("mypassword");
    header("location:login_success.php");
}
else {
    echo "wrong password";
}
?>


How can I prevent injection?
And how can the login above be injected?

Please help me. I was confused when someone broke into my website.
I want to know how he broke into my website.

Re: Sql injection

Posted: Thu Feb 18, 2010 11:13 pm
by pbs
Yes, SQL injection is possible in your code. To avoid this, use sprintf().

Refer: http://in.php.net/manual/en/function.sprintf.php

Re: Sql injection

Posted: Fri Feb 19, 2010 12:23 am
by roriekas
How did he inject it?
Assuming he has the source code of my website.
I have tried to inject my website, but it still failed. :banghead:

Re: Sql injection

Posted: Fri Feb 19, 2010 4:09 am
by timWebUK
You need to use mysql_real_escape_string() on your POST values:

http://php.net/manual/en/function.mysql ... string.php


For example:

$username = mysql_real_escape_string($_POST['username']);

He doesn't need the source code, just trial and error with different injections. He could have typed:

password' OR '1=1

As the password or username, or similar, because you do not escape any input before you send the query.

Your code doesn't seem to validate ANY input from the user at all.
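
Added example, not part of any post in this thread: the query construction from cheklogin.php next to a prepared statement, run against the input quoted above. It assumes PHP 7.1+ with the pdo_sqlite extension; the in-memory SQLite table stands in for the poster's MySQL "admin" table, and the row, the function names and the test cases are constructed for illustration.

```php
<?php
// Added example: SQLite in memory stands in for the thread's MySQL "admin" table.
// The single row below is constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE admin (username TEXT, password TEXT)");
$pdo->exec("INSERT INTO admin VALUES ('alice', 'correct-horse')");

// Same construction as cheklogin.php: input is pasted into the SQL text,
// so a quote character in the input changes the structure of the query.
function login_concat(PDO $pdo, string $user, string $pass): bool
{
    $sql = "select * from admin where username='$user' and password='$pass'";
    return count($pdo->query($sql)->fetchAll()) === 1;
}

// Prepared statement: the SQL text is fixed and the input travels as bound
// values, so it is only ever compared as data, whatever characters it holds.
function login_prepared(PDO $pdo, string $user, string $pass): bool
{
    $stmt = $pdo->prepare(
        "SELECT COUNT(*) FROM admin WHERE username = :u AND password = :p"
    );
    $stmt->execute([':u' => $user, ':p' => $pass]);
    return (int) $stmt->fetchColumn() === 1;
}

// Constructed test cases; the last password is the input quoted in the thread.
$cases = [
    'valid login'       => ['alice', 'correct-horse'],
    'wrong password'    => ['alice', 'guess'],
    'input from thread' => ['alice', "password' OR '1=1"],
];
foreach ($cases as $label => [$u, $p]) {
    printf("%-18s concat=%-5s prepared=%s\n", $label,
        var_export(login_concat($pdo, $u, $p), true),
        var_export(login_prepared($pdo, $u, $p), true));
}
```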

Re: Sql injection

Posted: Fri Feb 19, 2010 7:03 am
by roriekas
Can the PHP 5 version also be injected?
Sorry if my reply has many questions.

Thanks to all for the help.

Re: Sql injection

Posted: Thu Mar 04, 2010 3:15 pm
by echelon2010
I suggest you upgrade to the latest SQL version, which will minimize SQL injection and also stop SQL bypass.