preventing SQL injection
Hello,
I am doing the Security Audit of the web application in which, if I enter ' (single quote) in a particular field on a PHP page, \' (backward slash) is inserted as a result. That means either of the two functions is used:
1. addslashes()
2. mysql_real_escape_string()
Now I wanted to know if I can break the statement in spite of using these statements and can test SQL Injection attack on a PHP web page.
Thanks in advance
- jayshields
- DevNet Resident
- Posts: 1912
- Joined: Mon Aug 22, 2005 12:11 pm
- Location: Leeds/Manchester, England
Re: preventing SQL injection
an123 wrote:That means either of the two functions are used
1. addslashes()
2. mysql_real_escape_string()
Or...
3. magic_quotes_gpc is On
Query: Preventing SQL Injection attack
Hello,
I do not have access to coding of the PHP page, then if it can be possible to use stripslashes()? If yes, then how?
Thank you
- Chris Corbyn
- Breakbeat Nuttzer
- Posts: 13098
- Joined: Wed Mar 24, 2004 7:57 am
- Location: Melbourne, Australia
Re: Query: Preventing SQL Injection attack
an123 wrote:Hello,
I do not have access to coding of the PHP page, then if it can be possible to use stripslashes() ? If yes, then how?
Thank you
- Ambush Commander
- DevNet Master
- Posts: 3698
- Joined: Mon Oct 25, 2004 9:29 pm
- Location: New Jersey, US
Query: SQL Injection attack
Hello,
I am in the right forum. I am not a Hacker, I am an Auditor and doing Web Application Security Audit of the Websites without code review. That is why I am exploring the possibilities of attack so that I give proper recommendations in my Security Audit report.
Also I wanted to know if the SQL injection attack can be possible in PHP by manipulating the parameters in Browser's address bar? If the same functions as described above can also be used for such parameters?
Thank you
Surely a Security Auditor performing a security audit would know and understand the mechanics of these issues far better than most on this forum.
If it were me and I found myself unsure of what facts should go into a Security Audit report for a client, my first recommendation would be along the lines of:
"I believe that this site would benefit from a review of security by a professional php security expert."
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
For a security auditor you don't really seem to understand the principles of SQL injection.
Regardless, any form of user input should be validated and checked, that includes the url ($_GET), forms ($_POST/$_GET), and $_SERVER variables.
At minimum, one should pass all data through mysql_real_escape() and trim() when dealing with SQL, and when outputting content htmlspecialchars()
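One way to apply the advice in the last post (validate every input, keep user data out of the SQL text, encode on output), as an added example that is not code from the thread. It swaps in PDO prepared statements for the escaping functions named above, because the mysql_* extension was removed in PHP 7; the table, the function names and the sample input are assumptions, and pdo_sqlite is assumed to be available so that it runs without a database server.

```php
<?php
// Added example, not code from the thread. Assumptions: PHP 7+ with the
// pdo_sqlite extension; table, column and function names are hypothetical.
declare(strict_types=1);

// Validate a numeric URL parameter. Anything that is not a positive
// integer (text, arrays, missing values) yields null.
function validId($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Trim and length-check free text; quoting is left to the bound parameter.
function validName($raw): ?string
{
    if (!is_string($raw)) {
        return null;
    }
    $name = trim($raw);
    return ($name === '' || strlen($name) > 64) ? null : $name;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');

// Constructed sample input standing in for $_GET / $_POST values.
$get = ['id' => '1', 'name' => "  O'Brien <b>  "];

$id = validId($get['id'] ?? null);
$name = validName($get['name'] ?? null);
if ($id === null || $name === null) {
    exit("invalid input\n");
}

// Data travels separately from the SQL text, so the quote needs no escaping.
$ins = $db->prepare('INSERT INTO users (id, name) VALUES (:id, :name)');
$ins->execute([':id' => $id, ':name' => $name]);

$sel = $db->prepare('SELECT name FROM users WHERE id = :id');
$sel->execute([':id' => $id]);
$stored = $sel->fetchColumn();

// Encode at output time, for the HTML context.
echo htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), "\n";
```

The same validation applies to values taken from $_SERVER, which the post also lists as user-controlled input.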