SQL injection

View unanswered posts | View active topics

Board index » Programming » PHP - Security

All times are UTC - 5 hours

Moderator: General Moderators

Page 1 of 1

[ 7 posts ]

Print view

Previous topic | Next topic

Author

Message

abed111

Post subject: SQL injection

Posted: Thu Sep 27, 2012 6:29 am

Forum Newbie

Joined: Thu Sep 27, 2012 6:24 am
Posts: 4

Hi,

I just need to know how can someone sql inject on my website, what the '-' sign placed after the id for example id=-3 instead of id=3 and how by that the website will execute the sql query placed after the id, and how some columns would be more vulnerable to sql injection than the others? I really want to know that to protect my website from hackers..

thanks.

Top

abed111

Post subject: Re: SQL injection

Posted: Thu Sep 27, 2012 7:51 am

Forum Newbie

Joined: Thu Sep 27, 2012 6:24 am
Posts: 4

Hi,

I found the answer:
http://edatabase.blogspot.com/2012/08/b ... orial.html
thanks.

Top

social_experiment

Post subject: Re: SQL injection

Posted: Thu Sep 27, 2012 7:55 am

DevNet Master

Joined: Sun Feb 15, 2009 12:08 pm
Posts: 2794
Location: .za

Have a look at this url or enter 'Sql injection' into your prefered search engine; there are tons of resources;

I think all columns are equally vulnerable in terms of sql injection attacks, problem is in my opinion more with column names being easy to guess which makes the attackers' job easier. Protecting your site / data is not too difficult; you only have to remember to check ALL input that you receive because you don't always know where the data is from.

Edit
Thanks for posting the url; interesting read;

_________________
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering

Top

abed111

Post subject: Re: SQL injection

Posted: Fri Sep 28, 2012 3:39 am

Forum Newbie

Joined: Thu Sep 27, 2012 6:24 am
Posts: 4

Hi,

thank you for your reply but what I meant is why when you add id=-3 union select 1,2,3,4,5.. the number of the columns you get only some of those columns returned onto your page and inthe tutorials they called it vulnerable columns why the rest of the columns were not returned by this query?

thanks.

Top

Mordred

Post subject: Re: SQL injection

Posted: Fri Sep 28, 2012 6:39 am

DevNet Resident

Joined: Sun Sep 03, 2006 5:19 am
Posts: 1579
Location: Sofia, Bulgaria

Try the article on SQL injection in my signature - there are examples in runnable code you can play with.

Top

abed111

Post subject: Re: SQL injection

Posted: Sun Sep 30, 2012 7:14 am

Forum Newbie

Joined: Thu Sep 27, 2012 6:24 am
Posts: 4

Hi,

thanks I tried the SQL injection before and I've understood it, it worked for me but what I'm trying to understand is why there are some called columns appearing on the screen and others not and in the tutorial I found that those columns are the vulnerable ones but why they are more vulnerable than the other columns how can a column be vulnerable what should the data be in it...?

Top

Mordred

Post subject: Re: SQL injection

Posted: Mon Oct 01, 2012 3:18 am

DevNet Resident

Joined: Sun Sep 03, 2006 5:19 am
Posts: 1579
Location: Sofia, Bulgaria

It appears on the screen if the PHP script outputs it. There are otherwise no differences in how vulnerable different columns would be.

Top

Page 1 of 1

[ 7 posts ]

Board index » Programming » PHP - Security

All times are UTC - 5 hours

Who is online

Users browsing this forum: No registered users and 3 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to: