What Is SQL Injection in PHP Security?

This document discusses SQL injection vulnerabilities in PHP applications. It provides an example of how a malicious user could exploit a SQL query that directly inserts $_POST values to create two user accounts instead of one, by entering SQL syntax into the username field. The document emphasizes the importance of sanitizing user input to prevent SQL injection attacks, and provides recommendations like filtering data, quoting values, and escaping strings. It also discusses cross-site scripting (XSS) vulnerabilities that can occur when untrusted user input is displayed on a webpage without sanitization.

© Attribution Non-Commercial (BY-NC)

What is SQL Injection in PHP security?

SQL injection attacks are extremely simple to defend against, but many applications are still vulnerable. Consider
the following SQL statement:

<?php

// $reg_password is the temporary password the application generates (see below);
// the two $_POST values are inserted into the statement text without any filtering.
$reg_password = '1234';

$sql = "INSERT
        INTO users (reg_username,
                    reg_password,
                    reg_email)
        VALUES ('{$_POST['reg_username']}',
                '$reg_password',
                '{$_POST['reg_email']}')";

?>

This query is constructed with $_POST, which should immediately look suspicious.

Assume that this query is creating a new account. The user provides a desired username and an email address.
The registration application generates a temporary password and emails it to the user to verify the email address.
Imagine that the user enters the following as a username:

bad_guy', 'mypass', ''), ('good_guy

This certainly doesn’t look like a valid username, but with no data filtering in place, the application can’t tell. If a
valid email address is given ([email protected], for example), and 1234 is what the application generates for the
password, the SQL statement becomes the following:

<?php

$sql = "INSERT
        INTO users (reg_username,
                    reg_password,
                    reg_email)
        VALUES ('bad_guy', 'mypass', ''),
               ('good_guy',
                '1234',
                '[email protected]')";

?>

Rather than the intended action of creating a single account (good_guy) with a valid email address, the application
has been tricked into creating two accounts, and the user supplied every detail of the bad_guy account.

While this particular example might not seem so harmful, it should be clear that worse things could happen once
an attacker can make modifications to your SQL statements.

For example, depending on the database you are using, it might be possible to send multiple queries to the
database server in a single call. Thus, a user can potentially terminate the existing query with a semicolon and
follow this with a query of the user’s choosing.

MySQL, until recently, did not allow multiple queries in a single call, so this particular risk was mitigated. Newer
versions of MySQL allow multiple queries, but the corresponding PHP extension (ext/mysqli) requires that you use a
separate function if you want to send multiple queries (mysqli_multi_query() instead of mysqli_query()). Only
allowing a single query per call is safer, because it limits what an attacker can potentially do.

Protecting against SQL injection is easy:

- Filter your data. This cannot be overstressed. With good data filtering in place, most security concerns are
  mitigated, and some are practically eliminated.
- Quote your data. If your database allows it (MySQL does), put single quotes around all values in your SQL
  statements, regardless of the data type.
- Escape your data. Sometimes valid data can unintentionally interfere with the format of the SQL statement itself.
  Use mysql_escape_string() or an escaping function native to your particular database. If there isn't a specific
  one, addslashes() is a good last resort.
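The three recommendations above, carried through in code, as an added example that is not part of the original document. It combines a whitelist filter for the username with a PDO prepared statement, which is how current PHP handles the "quote" and "escape" steps for you (mysql_escape_string() belongs to the old ext/mysql extension, which no longer ships with PHP). The function names filterUsername, filterEmail and registerUser are my own, and the example uses an in-memory SQLite database so it runs without a MySQL server; with MySQL only the DSN would change.

```php
<?php
// Added example: the registration INSERT rewritten with a data filter and a
// prepared statement. Not code from the original document.
declare(strict_types=1);

function filterUsername(string $username): ?string
{
    // Whitelist: 3-32 letters, digits or underscores. Anything else is rejected,
    // so the quote and parenthesis characters of the attack string never pass.
    return preg_match('/^[A-Za-z0-9_]{3,32}$/', $username) === 1 ? $username : null;
}

function filterEmail(string $email): ?string
{
    $clean = filter_var($email, FILTER_VALIDATE_EMAIL);
    return $clean === false ? null : $clean;
}

function registerUser(PDO $db, string $username, string $password, string $email): bool
{
    // Placeholders: the value is sent separately from the SQL text, so quote
    // characters inside the data cannot change the structure of the statement.
    $stmt = $db->prepare(
        'INSERT INTO users (reg_username, reg_password, reg_email) VALUES (:u, :p, :e)'
    );
    return $stmt->execute([':u' => $username, ':p' => $password, ':e' => $email]);
}

// In-memory database standing in for MySQL (assumption: pdo_sqlite is enabled).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (reg_username TEXT, reg_password TEXT, reg_email TEXT)');

// Constructed input: the malicious username from the text above and a sample address.
$input = [
    'reg_username' => "bad_guy', 'mypass', ''), ('good_guy",
    'reg_email'    => 'user@example.com',
];
$tempPassword = '1234';

// Step 1: filter. The attack string fails the whitelist and would be rejected here.
$username = filterUsername($input['reg_username']);
$email    = filterEmail($input['reg_email']);
echo 'filter result: username ' . ($username === null ? 'REJECTED' : 'ok')
   . ', email ' . ($email === null ? 'REJECTED' : 'ok') . "\n";

// Step 2 (demonstration only): even if the raw value reached the query, the
// prepared statement stores it as one literal string instead of two rows.
registerUser($db, $input['reg_username'], $tempPassword, $input['reg_email']);

$count = (int) $db->query('SELECT COUNT(*) FROM users')->fetchColumn();
$stored = $db->query('SELECT reg_username FROM users')->fetchColumn();
echo "rows created: $count\n";          // 1, not the 2 rows of the vulnerable version
echo "stored username: $stored\n";     // the whole attack string, as plain data
```

Run it from the command line with `php example.php`. The filter is the primary control; the prepared statement is the safety net that holds even when a filter is missing or wrong.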

What is cross site Scripting?

To understand what Cross Site Scripting is, let's look at a usual situation, common to many sites. Say we are
taking some information passed in on a querystring (the string after the ? character within a URL), with the
purpose of displaying the content of a variable, for example, the visitor's name:

http://www.yourdomain.com/welcomedir/welcomepage.php?name=John
As we can see in this simple querystring, we are passing the visitor’s name as a parameter in the URL, and then
displaying it on our “welcomepage.php” page with the following PHP code:

<?php

echo 'Welcome to our site ' . stripslashes($_GET['name']);

?>
The result of this snippet is shown below:

Welcome to our site John


This is pretty simple and straightforward. We’re displaying the content of the “name” variable, by using the $_GET
superglobal PHP array, as we have done probably hundreds of times. Everything seems to be fine. Now, what’s
wrong with this code? Nothing really. But let’s modify the querystring by replacing our visitor’s name passed in the
URL:

http://www.yourdomain.com/welcomedir/welcomepage.php?name=John

with something like this:

http://www.yourdomain.com/welcomedir/welcomepage.php?name=<script language=javascript>alert('Hey, you are going to be hijacked!');</script>
Do you remember the PHP code included in our "welcomepage.php" page? Yes, you're correct. When we modify the
querystring, the value of $_GET['name'] is now the script tag, so what is effectively executed is:

<?php

echo 'Welcome to our site ' .
     '<script language=javascript>alert(\'Hey, you are going to be hijacked!\');</script>';

?>

The output of this code is a JavaScript alert box telling you "Hey, you are going to be hijacked!" after the "Welcome
to our site" phrase.

Very ugly stuff, right? That's a simple example of the Cross Site Scripting vulnerability. It means that any
JavaScript code pasted into the URL will be executed happily, with no complaints at all.
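The welcome page in its vulnerable form next to a hardened form that encodes the untrusted value for the HTML context before it is echoed, as an added example that is not part of the original article. The function names welcomeVulnerable and welcomeSafe are my own; htmlspecialchars() is the standard PHP function for this, and the two inputs are constructed from the text above.

```php
<?php
// Added example: output encoding as the fix for the reflected XSS above.
// Not code from the original article.
declare(strict_types=1);

function welcomeVulnerable(string $name): string
{
    // Mirrors the article's snippet: the raw query-string value is concatenated
    // into the page, so any markup in it is parsed by the browser as markup.
    return 'Welcome to our site ' . stripslashes($name);
}

function welcomeSafe(string $name): string
{
    // Encode for the HTML body: <, >, &, " and ' become entities (&lt; &gt; &amp;
    // &quot; &apos;), so the browser renders the value as text, never as a tag.
    return 'Welcome to our site '
         . htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed inputs: the visitor's name from the article, and the script
// payload the article uses to show the problem.
$inputs = [
    'John',
    "<script language=javascript>alert('Hey, you are going to be hijacked!');</script>",
];

foreach ($inputs as $name) {
    echo "vulnerable: " . welcomeVulnerable($name) . "\n";
    echo "safe:       " . welcomeSafe($name) . "\n\n";
}

// Under a web server the same functions would be fed $_GET['name'] ?? '' and
// the page would echo welcomeSafe(...) only; the encoded output for the second
// input starts with: Welcome to our site &lt;script language=javascript&gt;alert(&apos;Hey, ...
```

The encoding is context-specific: htmlspecialchars() is correct for text placed in the HTML body or in a quoted attribute, but a value inserted into a JavaScript block or a URL needs the encoder for that context instead.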

Which method do you follow to get a record from a million records? (Searching not in a database, but in an
array in PHP.)

Use array_search(), array_keys(), array_values(), array_key_exists(), and in_array().
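A worked comparison of those lookup functions on a million-element array, as an added example that is not part of the original document. The data is constructed inline; the point it shows, beyond the list of function names, is that in_array() and array_search() scan the list from the start, while keying the array by the field you search on lets array_key_exists() (or isset()) find the record with a single hash lookup.

```php
<?php
// Added example: linear scan versus keyed lookup in a large PHP array.
// Not code from the original document.
declare(strict_types=1);

const RECORD_COUNT = 1000000;

// Constructed data: one million integer ids as a plain list, and the same ids
// as array keys. For records shaped like ['id' => 1, 'name' => 'user1'] the
// keyed form is built with array_column($records, null, 'id').
$list = range(1, RECORD_COUNT);
$byId = array_fill_keys($list, true);

$target = RECORD_COUNT - 1;   // near the end: the worst case for a linear scan

$t = hrtime(true);
$present = in_array($target, $list, true);           // linear scan, strict comparison
$pos = array_search($target, $list, true);           // linear scan, returns the index
$linearNs = hrtime(true) - $t;

$t = hrtime(true);
$found = array_key_exists($target, $byId);           // hash lookup on the key
$hashNs = hrtime(true) - $t;

printf("in_array/array_search: %s at index %d, %.2f ms\n",
       $present ? 'found' : 'missing', $pos, $linearNs / 1e6);
printf("array_key_exists:      %s, %.4f ms\n",
       $found ? 'found' : 'missing', $hashNs / 1e6);

// array_keys() and array_values() are the converse helpers: array_keys($byId)
// recovers the id list, array_values() reindexes a filtered list from 0.
```

Always pass the third argument `true` to in_array() and array_search() so the comparison is strict; loose comparison can match values you did not intend, which matters when the needle comes from user input.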

Which sorting method is the least time-consuming?

Heapsort and merge sort are the least time-consuming sorting algorithms.

Which sorting method is the least memory-consuming?