Hi,
I just need to know how can someone sql inject on my website, what the '-' sign placed after the id for example id=-3 instead of id=3 and how by that the website will execute the sql query placed after the id, and how some columns would be more vulnerable to sql injection than the others? I really want to know that to protect my website from hackers..
thanks.
SQL injection
Moderator: General Moderators
-
social_experiment
- DevNet Master
- Posts: 2793
- Joined: Sun Feb 15, 2009 11:08 am
- Location: .za
Re: SQL injection
http://www.codeproject.com/Articles/937 ... ow-to-Prev
Have a look at this url or enter 'Sql injection' into your prefered search engine; there are tons of resources;
I think all columns are equally vulnerable in terms of sql injection attacks, problem is in my opinion more with column names being easy to guess which makes the attackers' job easier. Protecting your site / data is not too difficult; you only have to remember to check ALL input that you receive because you don't always know where the data is from.
Edit
Thanks for posting the url; interesting read;
Have a look at this url or enter 'Sql injection' into your prefered search engine; there are tons of resources;
I think all columns are equally vulnerable in terms of sql injection attacks, problem is in my opinion more with column names being easy to guess which makes the attackers' job easier. Protecting your site / data is not too difficult; you only have to remember to check ALL input that you receive because you don't always know where the data is from.
Edit
Thanks for posting the url; interesting read;
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
Re: SQL injection
Hi,
thank you for your reply but what I meant is why when you add id=-3 union select 1,2,3,4,5.. the number of the columns you get only some of those columns returned onto your page and inthe tutorials they called it vulnerable columns why the rest of the columns were not returned by this query?
thanks.
thank you for your reply but what I meant is why when you add id=-3 union select 1,2,3,4,5.. the number of the columns you get only some of those columns returned onto your page and inthe tutorials they called it vulnerable columns why the rest of the columns were not returned by this query?
thanks.
Re: SQL injection
Try the article on SQL injection in my signature - there are examples in runnable code you can play with.
Re: SQL injection
Hi,
thanks I tried the SQL injection before and I've understood it, it worked for me but what I'm trying to understand is why there are some called columns appearing on the screen and others not and in the tutorial I found that those columns are the vulnerable ones but why they are more vulnerable than the other columns how can a column be vulnerable what should the data be in it...?
thanks I tried the SQL injection before and I've understood it, it worked for me but what I'm trying to understand is why there are some called columns appearing on the screen and others not and in the tutorial I found that those columns are the vulnerable ones but why they are more vulnerable than the other columns how can a column be vulnerable what should the data be in it...?
Re: SQL injection
It appears on the screen if the PHP script outputs it. There are otherwise no differences in how vulnerable different columns would be.