Programming Tutorials

What is SQL Injection

By: Emiley J. in MySQL Tutorials on 2008-11-23  

SQL Injection is a method in which an attacker inserts malicious code into queries that run on your database. Have a look at this example:

$query = "SELECT login_id FROM users WHERE user='$user' AND pwd='$pw'";

Voila ! Anyone can log in as any user, using a query string like'%20OR%20(user='&pwd=')%20OR%20user=', which effectively calls the following statements:

$query = "SELECT login_id FROM users WHERE user='admin' OR (user = '' AND pwd='') OR user=''";

It's even simpler with the URL'%23, which executes the query SELECT login_id FROM users WHERE user='admin'#' AND pwd=''. Note that the # marks the beginning of a comment in SQL.

Again, it's a simple attack. Fortunately, it's also easy to prevent. You can sanitize the input using the addslashes() function that adds a slash before every single quote ('), double quote ("), backslash (\), and NUL (\0). Other functions are available to sanitize input, such as strip_tags().

Add Comment

* Required information


No comments yet. Be the first!

Most Viewed Articles (in MySQL )

Latest Articles (in MySQL)