SQL injection


What is SQL Injection
SQL injection is what happens when someone gets their own SQL (here, MySQL) code to run against your database without your knowledge. It usually occurs when you ask a user for input, such as their name, paste that input straight into a query string, and instead of a name the user supplies a fragment of SQL that you then unknowingly run on your database.

SQL Injection Example
Below are two sample inputs, one from a normal user and one from a malicious user attempting SQL injection. We asked each user for their login name, which our code inserts into a SELECT statement to fetch their record.


MySQL & PHP Code:
<?php
// a good user's name
$name = "timmy";
$query = "SELECT * FROM customers WHERE username = '$name'";
echo "Normal: " . $query . "\n";
// user input that uses SQL Injection
$name_bad = "' OR 1'";
// our MySQL query builder, however, not a very safe one
$query_bad = "SELECT * FROM customers WHERE username = '$name_bad'";
// display what the new query will look like, with injection
echo "Injection: " . $query_bad . "\n";



Display:
Normal: SELECT * FROM customers WHERE username = 'timmy'
Injection: SELECT * FROM customers WHERE username = '' OR 1''
The normal query is no problem: the statement selects every row of customers whose username equals timmy.
The injected input, however, changes what our query means. The leading single quote (') closes the string literal that our code opened:
username = ''
and everything after it is appended to our WHERE clause as an OR condition of 1, which is always true:
username = '' OR 1
Because that OR clause is always true, every row in the "customers" table is selected by the statement, not just the attacker's own record.
Note that the trailing quote in this particular input leaves a stray empty string literal ('') at the end of the statement, which MySQL rejects with a syntax error. The same trick with the input ' OR '1'='1 produces WHERE username = '' OR '1'='1', which parses cleanly and returns the whole table; the principle is identical.


More Serious SQL Injection Attacks
Although the above example shows an attacker reading far more information than they should have access to, the attacks can be much worse. For example, an attacker could empty a table by appending a DELETE statement to our query.
MySQL & PHP Code:
<?php
$name_evil = "'; DELETE FROM customers WHERE 1 or username = '";
// our MySQL query builder really should check for injection
$query_evil = "SELECT * FROM customers WHERE username = '$name_evil'";
// the new evil injection query would include a DELETE statement
echo "Injection: " . $query_evil . "\n";
Display:
Injection: SELECT * FROM customers WHERE username = ''; DELETE FROM customers WHERE 1 or username = ''
If you were to run this query, the injected DELETE statement would completely empty your "customers" table. Read the input piece by piece: the first quote closes our string literal, the semicolon ends our SELECT, the DELETE's WHERE 1 matches every row, and the final quote reopens a string literal so that the closing quote our builder appends does not cause a syntax error. Whether the second statement actually executes depends on the database API: PHP's mysql_query() and mysqli_query() execute only one statement per call and return an error for this input, whereas mysqli_multi_query() runs both. Do not treat that as a defence; the first example shows that a single statement is already enough to leak the whole table. Now that you know this is a problem, how can you prevent it?

For more info, please visit http://www.tizag.com/