Idea about SQLi attacks & how to prevent
SQL injection is the technique to bypass the security of website.
Its very common vulnerability found in websites, SQL injection
vulnerability caused due to poor coding of the developers.
With the SQLi loophole an attacker can easily hack your site that will lead to data loss or many other social issues.
Now we are going to develop a simple login system where PHP is used
for database connectivity and server side processing and MySQL is used
as database storage.
======================================================
PHP CODE
<title>
SQLi – Attacks
</title>
<from action="”verify.php”" method="”POST”"></from>
Username :<input type="”text”" name="”user”"></input>
Password :<input type="”password”" name="pass”"></input>
<input type="“submit”" value="”Login”"></input>
======================================================
//Now verify.php for verifying the login by user
PHP CODE
/// For Database Connectivity ///
$count = 0;
$host=”localhost”; //Host name
$username=”root”; //Mysql usermane
$passqord=””; //Mysql password
$db_name=”SQL”; //Database name
$tbl_name=”user”; //Table name
// connect to server and select database.
Mysql_connect(“$host”, “$username”, “$password”)or die(“cannot connect”);
Mysql_select_db(“$db_name”)or die(“cannot select DB”);
======================================================
//checking login essentials
$user =$_POST[‘user’];
$pass =$_POST[‘pass’];
$sql=”SELECT *FROM $tbl_name WHERE usern=’$user’ AND pass=’$pass””;
$result=mysql_query($sql);
$count=mysql_nu,_rows($result);
If($count) {
Echo “
Welcome Usser
”;
}
Else
{
Echo “Bed Username or Password”;
}
?>
In the above code, we used the query
“SELSCT *FROME $tbl_name WHERE usern=’$user’ AND pass=’$pass’”;
An attacker can easily bypass this by making the whole expression
true. It can be done, if the user passes the value 1’ or’1’=’1 in
username and password. Then the above expression becomes like this :
“SELECT *FROM $tbl_name WHERE usern=’$user’ AND pass=’$pass’”;
Now the value of user and password is 1’ or’1’=’1.
“SELECT *FROM $tbl_name WHERE usern=’1’ or’1’=’1’ AND pass=’1’ or’1’=’1’”;
Now the whole expression become TRUE you can try it yourself.
======================================================
SQLi Prevention:-
Now to avoid SQL injection we well escape the data before passing it
to the MySQL query string. In PHP, we take the help of the function
mysql_real_escape_string();, which escapes the string. It will convert
‘into \’by escaping it.
Now I am going to writing secure code.
PHP CODE
/// FOR Database connectivity ///
$count =0;
$host=”localhost”; //Host name
$username=”root”; //Mysql username
$password=””; //Mysql password
$db_name=”SQLi”; //Database name
$tbl_name=”user”; //Table name
// Connect to server and select database.
mysql_connect(“$host”,”$username”, “$password”)or die(“cannot connect”);
mysql_select_db(“$db_name”)or die(“cannot selectDB”);
// Checking login essentials
$user =mysql_real_escape_string($_POST[‘user]);
$pass =mysql_real_escapr_string($_POST[‘pass’]);
$sql=”SELSCT * FROM $tbl_name WHERE usern=’$user’ AND pass=’$pass’”;
$result=mysql_query($sql);
$count=mysql_num_rows($result);
If($ccount){
Echo “
Welcome User
”;
}
Else
{
Echo ‘Bed Username or Password”;
}
?>
This code is more secure than the previous one. It can be made more securing by considering Brute Force prevention,
Now we have the knowledge of SQLi attack and its prevention, and we are able to write more secure code
======================================================
"For more information about NetworkzPeritus, you may visit our website at http://www.NetworkzPeritus.com/ & blog at http://networkzperitus.blogspot.in/
Posted by Viviek
