PHP Developers Network

A community of PHP developers offering assistance, advice, discussion, and friendship.
 

All times are UTC - 5 hours




 Post subject: SQL injection
Posted: Thu Sep 27, 2012 6:29 am
Forum Newbie

Joined: Thu Sep 27, 2012 6:24 am
Posts: 4
Hi,

I just need to know how someone can SQL inject on my website, what the '-' sign placed after the id is for (for example id=-3 instead of id=3), how by that the website will execute the SQL query placed after the id, and how some columns would be more vulnerable to SQL injection than the others. I really want to know that to protect my website from hackers.

thanks.


 
 Post subject: Re: SQL injection
Posted: Thu Sep 27, 2012 7:51 am
Forum Newbie

Joined: Thu Sep 27, 2012 6:24 am
Posts: 4
Hi,

I found the answer:
http://edatabase.blogspot.com/2012/08/b ... orial.html
thanks.


 
 Post subject: Re: SQL injection
Posted: Thu Sep 27, 2012 7:55 am
DevNet Master

Joined: Sun Feb 15, 2009 12:08 pm
Posts: 2794
Location: .za

Have a look at this URL or enter 'SQL injection' into your preferred search engine; there are tons of resources.

I think all columns are equally vulnerable in terms of SQL injection attacks; the problem, in my opinion, is more with column names being easy to guess, which makes the attackers' job easier. Protecting your site / data is not too difficult; you only have to remember to check ALL input that you receive because you don't always know where the data is from.

Edit
Thanks for posting the URL; interesting read.

_________________
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering


 
 Post subject: Re: SQL injection
Posted: Fri Sep 28, 2012 3:39 am
Forum Newbie

Joined: Thu Sep 27, 2012 6:24 am
Posts: 4
Hi,

Thank you for your reply, but what I meant is: why, when you add id=-3 union select 1,2,3,4,5.. (the number of the columns), do you get only some of those columns returned onto your page? In the tutorials they called them vulnerable columns. Why were the rest of the columns not returned by this query?

thanks.


 
 Post subject: Re: SQL injection
Posted: Fri Sep 28, 2012 6:39 am
DevNet Resident

Joined: Sun Sep 03, 2006 5:19 am
Posts: 1579
Location: Sofia, Bulgaria
Try the article on SQL injection in my signature - there are examples in runnable code you can play with.


 
 Post subject: Re: SQL injection
Posted: Sun Sep 30, 2012 7:14 am
Forum Newbie

Joined: Thu Sep 27, 2012 6:24 am
Posts: 4
Hi,

Thanks. I tried the SQL injection before and I've understood it; it worked for me. But what I'm trying to understand is why there are some called columns appearing on the screen and others not. In the tutorial I found that those columns are the vulnerable ones, but why are they more vulnerable than the other columns? How can a column be vulnerable, and what should the data in it be...?


 
 Post subject: Re: SQL injection
Posted: Mon Oct 01, 2012 3:18 am
DevNet Resident

Joined: Sun Sep 03, 2006 5:19 am
Posts: 1579
Location: Sofia, Bulgaria
It appears on the screen if the PHP script outputs it. There are otherwise no differences in how vulnerable different columns would be.
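
The point of the reply above, as an added example that is not part of the thread or any poster's code: the query text is what is injectable, and which values show on the page depends only on which columns the script prints. The `articles` table, its row and the function names are constructed for illustration, and the script assumes PHP with the pdo_sqlite extension.

```php
<?php
// Constructed schema and data (assumption, not from the thread); in-memory SQLite.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT,
           body TEXT, author_id INTEGER, created TEXT)');
$db->exec("INSERT INTO articles VALUES (3, 'Hello', 'First post', 7, '2012-09-27')");

// The template prints only title and body, i.e. positions 2 and 3 of the
// five-column SELECT. id, author_id and created are fetched but never echoed,
// so nothing placed in positions 1, 4 or 5 can reach the page.
function render(array $row): string
{
    return 'title=' . htmlspecialchars((string) $row['title'])
         . ' body=' . htmlspecialchars((string) $row['body']);
}

// Vulnerable: the request value is pasted into the SQL text, so it can
// change the statement itself. id=-3 matches no article, which leaves the
// row supplied by the appended UNION as the only row to render.
function showVulnerable(PDO $db, string $id): string
{
    $sql = "SELECT id, title, body, author_id, created FROM articles WHERE id = $id";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ? render($row) : 'not found';
}

// Hardened: reject anything that is not an integer, then bind the value as
// a parameter so it is only ever treated as data, never as SQL.
function showHardened(PDO $db, string $id): string
{
    $n = filter_var($id, FILTER_VALIDATE_INT);
    if ($n === false) {
        return 'bad request';
    }
    $stmt = $db->prepare(
        'SELECT id, title, body, author_id, created FROM articles WHERE id = ?');
    $stmt->execute([$n]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ? render($row) : 'not found';
}

$inputs = ['3', '-3', '-3 union select 1,2,3,4,5']; // last one is quoted in the thread
foreach ($inputs as $id) {
    echo "id=$id\n  vulnerable: ", showVulnerable($db, $id), "\n";
    echo "  hardened:   ", showHardened($db, $id), "\n";
}
```

The fix is the same for every column: with the bound parameter, the input can no longer alter the statement.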

