preventing SQL injection
Posted: Sat May 12, 2007 7:02 am
by an123
Hello,
I am doing the Security Audit of the web application in which if I enter ' (single quote) in a particular field on a PHP Page and as a result \' (backward slash) is inserted. That means either of the two functions are used
1. addslashes()
2. mysql_real_escape_string()
Now I wanted to know, if I can break the statement in spite of using these statements and can test SQL Injection attack on a PHP web page.
Thanks in advance
Posted: Sat May 12, 2007 10:37 am
by jayshields
If you're asking us to tell you how to perform an SQL injection attack then it isn't going to happen.
If I understand you correctly, you mean that the output on the webpage has the slashes in it? To remove that just use stripslashes().
Re: preventing SQL injection
Posted: Sat May 12, 2007 11:12 am
by Oren
an123 wrote:That means either of the two functions are used
1. addslashes()
2. mysql_real_escape_string()
Or...
3. magic_quotes_gpc is On
Query: Preventing SQL Injection attack
Posted: Sat May 12, 2007 12:59 pm
by an123
Hello,
I do not have access to coding of the PHP page, then if it can be possible to use stripslashes() ? If yes, then how?
Thank you
Re: Query: Preventing SQL Injection attack
Posted: Sat May 12, 2007 1:18 pm
by Chris Corbyn
an123 wrote:Hello,
I do not have access to coding of the PHP page, then if it can be possible to use stripslashes() ? If yes, then how?
Thank you

You don't have access to the code? Are you trying to be a hacker or something? We're not going to help you compromise someone else's system.
Posted: Sat May 12, 2007 3:00 pm
by nickvd
lol...
Hello officer! I was hoping you could tell me where to find the nearest crack house to score a hit. Oh, you can't help me with that? Okay, well I have this TNT that I found, I was also hoping you would have some blasting caps on you...WAIT! why are you handcuffing me?!?!
Posted: Sat May 12, 2007 5:18 pm
by Ambush Commander
You've come to the wrong forum dude.
Psst: try sla.ckers.org instead
Query: SQL Injection attack
Posted: Sun May 13, 2007 11:27 pm
by an123
Hello,
I am in the right forum. I am not a Hacker, I am an Auditor and doing Web Application Security Audit of the Websites without code review. That is why I am exploring the possibilities of attack so that I give proper recommendations in my Security Audit report.
Also I wanted to know if the SQL injection attack can be possible in PHP by manipulating the parameters in Browser's address bar? If the same functions as described above can also be used for such parameters?
Thank you
Posted: Sun May 13, 2007 11:41 pm
by Stryks
Surely a Security Auditor performing a security audit would know and understand the mechanics of these issues far better than most on this forum.
If it were me and I found myself unsure of what facts should go into a Security Audit report for a client, my first recommendation would be along the lines of:
"I believe that this site would benefit from a review of security by a professional php security expert."
Posted: Sun May 13, 2007 11:41 pm
by John Cartwright
For a security auditor you don't really seem to understand the principles of SQL injection.

Regardless, any form of user input should be validated and checked, that includes the url ($_GET), forms ($_POST/$_GET), and $_SERVER variables.
At minimum, one should pass all data through mysql_real_escape() and trim() when dealing with SQL, and when outputting content htmlspecialchars().
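
The advice in the last post (validate request input, keep it out of the SQL text, encode on output), as an added example that is not code from any poster in this thread. It assumes PHP with the pdo_sqlite extension, a hypothetical `articles` table and constructed sample data, and it uses PDO prepared statements in place of the mysql_* escaping functions named in the thread, which were removed in PHP 7.

```php
<?php
// Hypothetical schema and sample rows, constructed for this example.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, author TEXT, title TEXT)');
$pdo->exec("INSERT INTO articles (author, title) VALUES
    ('O''Brien', 'Notes on <b>escaping</b>'), ('smith', 'Plain title')");

/** Validate an integer id taken from the request; null means reject. */
function clean_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Validate an author name: trim, bound the length, allow a known character set. */
function clean_author($raw): ?string
{
    if (!is_string($raw)) {
        return null;
    }
    $name = trim($raw);
    return preg_match('/^[\p{L}\' .-]{1,64}$/u', $name) === 1 ? $name : null;
}

/** Look up articles by validated id or author; invalid values never reach the query. */
function find_articles(PDO $pdo, array $request): array
{
    $id = clean_id($request['id'] ?? null);
    $author = clean_author($request['author'] ?? null);
    if ($id === null && $author === null) {
        return []; // nothing valid supplied: run no query at all
    }
    // Placeholders keep request data out of the SQL text, so the quote in
    // "O'Brien" needs no addslashes() and no backslash is stored or displayed.
    $stmt = $pdo->prepare('SELECT id, author, title FROM articles WHERE id = :id OR author = :author');
    $stmt->execute([':id' => $id, ':author' => $author]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed request array standing in for $_GET: a rejected id, a valid author.
$request = ['id' => 'abc', 'author' => " O'Brien "];
foreach (find_articles($pdo, $request) as $row) {
    // Encode at output time, for the HTML context the value is written into.
    printf("<li>%s: %s</li>\n",
        htmlspecialchars($row['author'], ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8'));
}
```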