PHP Developers Network
http://forums.devnetwork.net/

SQL injection
http://forums.devnetwork.net/viewtopic.php?f=34&t=136799
Page 1 of 1

Author:  abed111 [ Thu Sep 27, 2012 6:29 am ]
Post subject:  SQL injection

Hi,

I just need to know how can someone sql inject on my website, what the '-' sign placed after the id for example id=-3 instead of id=3 and how by that the website will execute the sql query placed after the id, and how some columns would be more vulnerable to sql injection than the others? I really want to know that to protect my website from hackers..

thanks.

Author:  abed111 [ Thu Sep 27, 2012 7:51 am ]
Post subject:  Re: SQL injection

Hi,

I found the answer:
http://edatabase.blogspot.com/2012/08/b ... orial.html
thanks.

Author:  social_experiment [ Thu Sep 27, 2012 7:55 am ]
Post subject:  Re: SQL injection


Have a look at this url or enter 'Sql injection' into your prefered search engine; there are tons of resources;

I think all columns are equally vulnerable in terms of sql injection attacks, problem is in my opinion more with column names being easy to guess which makes the attackers' job easier. Protecting your site / data is not too difficult; you only have to remember to check ALL input that you receive because you don't always know where the data is from.

Edit
Thanks for posting the url; interesting read;

Author:  abed111 [ Fri Sep 28, 2012 3:39 am ]
Post subject:  Re: SQL injection

Hi,

thank you for your reply but what I meant is why when you add id=-3 union select 1,2,3,4,5.. the number of the columns you get only some of those columns returned onto your page and inthe tutorials they called it vulnerable columns why the rest of the columns were not returned by this query?

thanks.

Author:  Mordred [ Fri Sep 28, 2012 6:39 am ]
Post subject:  Re: SQL injection

Try the article on SQL injection in my signature - there are examples in runnable code you can play with.

Author:  abed111 [ Sun Sep 30, 2012 7:14 am ]
Post subject:  Re: SQL injection

Hi,

thanks I tried the SQL injection before and I've understood it, it worked for me but what I'm trying to understand is why there are some called columns appearing on the screen and others not and in the tutorial I found that those columns are the vulnerable ones but why they are more vulnerable than the other columns how can a column be vulnerable what should the data be in it...?

Author:  Mordred [ Mon Oct 01, 2012 3:18 am ]
Post subject:  Re: SQL injection

It appears on the screen if the PHP script outputs it. There are otherwise no differences in how vulnerable different columns would be.

Page 1 of 1 All times are UTC - 5 hours
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/