What is SQL Injection
By: Emiley J.
SQL Injection is a method in which an attacker inserts malicious code into queries that run on your database. Have a look at this example:
$query = "SELECT login_id FROM users WHERE user='$user' AND pwd='$pw'";
Voilà! Anyone can log in as any user, using a query string like http://example.com/login.php?user=admin'%20OR%20(user='&pwd=')%20OR%20user=', which effectively runs the following query:
$query = "SELECT login_id FROM users WHERE user='admin' OR (user = '' AND pwd='') OR user=''";
It's even simpler with the URL http://example.com/login.php?user=admin'%23, which executes the query SELECT login_id FROM users WHERE user='admin'#' AND pwd=''. Note that # begins a comment in MySQL's SQL dialect, so everything after it, including the password check, is ignored.
Again, it's a simple attack. Fortunately, it's also easy to prevent. You can sanitize the input using the addslashes() function, which adds a backslash before every single quote ('), double quote ("), backslash (\), and NUL (\0). Other functions are available to sanitize input, such as strip_tags().
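To make the mechanics concrete, here is an added example (not part of the tutorial, and in Python with SQLite rather than the tutorial's PHP and MySQL) that builds the same login query two ways: by string interpolation, exactly as the $query line above does, and as a parameterized query, which is the mitigation this example uses instead of the addslashes() approach the tutorial recommends. The users table, its single row and the password value are constructed for the example; the two injected parameter values are the ones the tutorial's first URL delivers.

```python
import sqlite3

# Constructed example data: one user row in an in-memory database.
# Passwords are stored in plaintext only to mirror the tutorial's schema.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (login_id INTEGER PRIMARY KEY, user TEXT, pwd TEXT)"
    )
    conn.execute(
        "INSERT INTO users (login_id, user, pwd) VALUES (1, 'admin', 's3cret')"
    )
    conn.commit()
    return conn


def build_vulnerable_query(user, pw):
    """Mirror the tutorial's PHP line: user input is pasted straight into the SQL text."""
    return f"SELECT login_id FROM users WHERE user='{user}' AND pwd='{pw}'"


def login_vulnerable(conn, user, pw):
    """Run the interpolated query; any quote in the input changes the query's structure."""
    row = conn.execute(build_vulnerable_query(user, pw)).fetchone()
    return row[0] if row else None


def login_safe(conn, user, pw):
    """Parameterized form: the driver sends the SQL and the values separately,
    so a quote inside `user` or `pw` is only ever compared as data."""
    row = conn.execute(
        "SELECT login_id FROM users WHERE user=? AND pwd=?", (user, pw)
    ).fetchone()
    return row[0] if row else None


# The two parameter values from the tutorial's first URL, after URL decoding.
INJECTED_USER = "admin' OR (user='"
INJECTED_PW = "') OR user='"


def demo():
    """Return (interpolated SQL, vulnerable result, parameterized result) for the injected input."""
    conn = make_db()
    return (
        build_vulnerable_query(INJECTED_USER, INJECTED_PW),
        login_vulnerable(conn, INJECTED_USER, INJECTED_PW),
        login_safe(conn, INJECTED_USER, INJECTED_PW),
    )


if __name__ == "__main__":
    sql, vuln, safe = demo()
    print("interpolated query:", sql)
    print("vulnerable login returns login_id:", vuln)
    print("parameterized login returns login_id:", safe)
```

Running it shows the interpolated string is exactly the rewritten query from the tutorial, and that it logs the attacker in as login_id 1 without knowing the password, while the parameterized version returns nothing for the same input and still authenticates the legitimate admin/s3cret pair. The parameterized form is what to reach for in PHP as well (PDO or MySQLi prepared statements), since it removes the need to escape anything by hand.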