Tuesday, September 14, 2010

How to secure your web page against SQL injection

There are a number of things you can do; I will show a few of them here.

Alternative one
Let's say this is your code:
Code:

<?php
// The visitor's id goes straight into the SQL string, unchecked
$result = mysql_query('SELECT text FROM pages WHERE id=' . $_GET['id']);
$row = mysql_fetch_assoc($result);  // mysql_query() returns a result resource, not the text itself
echo($row['text']);
?>


This selects the page content, the 'text' column, from the 'pages' table, and picks the right row using $_GET['id'], which is whatever follows id= in the URL. Example: http://google.com/index.php?id=123

This code is easily injectable, because whatever the visitor puts after id= becomes part of the SQL statement. Escaping the value with mysql_real_escape_string() is the usual fix, but it only helps when the value sits inside quotes in the query, so quote it too:
Code:

<?php
// Escape the value AND wrap it in quotes, so it is a string literal to MySQL
$result = mysql_query("SELECT text FROM pages WHERE id='" . mysql_real_escape_string($_GET['id']) . "'");
$row = mysql_fetch_assoc($result);
echo($row['text']);
?>

Without the quotes, an input like 1 OR 1=1 contains nothing for the escaping function to escape and the query still returns every page. With the quotes (or with an integer cast, (int)$_GET['id'], since id is a number) the injected text can no longer break out of the literal. That protects this query; calling it "100% secure" is too strong, because every other query on the site needs the same care, and prepared statements (mysqli or PDO) make the separation of SQL and data automatic rather than something to remember on each line.
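To see the difference in practice, here is an added example that is not part of the original post. It uses PDO with an in-memory SQLite database so it runs offline without a MySQL server; the pages table and its two rows are constructed sample data, and escape_like_mysql() is a hypothetical stand-in for mysql_real_escape_string(), which cannot be called without a live MySQL connection.

```php
<?php
// Added example, not code from the original post.
// Shows why mysql_real_escape_string() on an UNQUOTED id does not stop
// injection, then the two fixes (quoting, integer cast) and the
// prepared-statement version. Runs offline on in-memory SQLite via PDO.

// Hypothetical stand-in for mysql_real_escape_string(), which needs a live
// MySQL connection. Same job: backslash-escape the characters that could
// terminate a quoted string literal.
function escape_like_mysql($s)
{
    return str_replace(
        array("\\", "'", '"', "\0", "\n", "\r", "\x1a"),
        array("\\\\", "\\'", '\\"', "\\0", "\\n", "\\r", "\\Z"),
        $s
    );
}

// Constructed sample table: page 2 should only come back when id=2 is asked for.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, text TEXT)');
$db->exec("INSERT INTO pages (id, text) VALUES (1, 'public page'), (2, 'secret page')");

// What an attacker would put after ?id= . It contains no quote or
// backslash, so the escaping function leaves it exactly as it is.
$id = '1 OR 1=1';

// 1. "Alternative one" as originally written: escaped but not quoted.
$sql = 'SELECT text FROM pages WHERE id=' . escape_like_mysql($id);
echo "unquoted:  $sql\n";
print_r($db->query($sql)->fetchAll(PDO::FETCH_COLUMN));   // both pages leak

// 2. Escaped AND quoted: the attacker's text is now inside the literal,
//    compared as data. SQLite returns no row; MySQL would cast the
//    literal to 1 and return only page 1. Page 2 stays hidden either way.
$sql = "SELECT text FROM pages WHERE id='" . escape_like_mysql($id) . "'";
echo "quoted:    $sql\n";
print_r($db->query($sql)->fetchAll(PDO::FETCH_COLUMN));

// 3. For a numeric column, an integer cast is simpler than escaping:
//    (int)'1 OR 1=1' is 1, so only page 1 comes back.
$sql = 'SELECT text FROM pages WHERE id=' . (int) $id;
echo "int cast:  $sql\n";
print_r($db->query($sql)->fetchAll(PDO::FETCH_COLUMN));

// 4. Prepared statement: the SQL is parsed first and the value bound
//    afterwards, so the value can never change the statement's structure.
$stmt = $db->prepare('SELECT text FROM pages WHERE id = ?');
$stmt->execute(array($id));
$rows = $stmt->fetchAll(PDO::FETCH_COLUMN);
echo "prepared:  " . count($rows) . " row(s), never the secret page\n";
```

Run it with php on a build that has the pdo_sqlite extension (most do). Against MySQL the same prepare()/execute() calls work on a PDO mysql connection; set PDO::ATTR_EMULATE_PREPARES to false there so the binding is done by the server rather than by client-side quoting.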





Alternative two
This one is not as good as the first one: it blocks only a few keywords, and an attacker can inject without using any of them, so it is an extra layer at best, not a fix on its own.

Again, say this is your PHP code:
Code:

<?php
$result = mysql_query('SELECT text FROM pages WHERE id=' . $_GET['id']);
$row = mysql_fetch_assoc($result);  // fetch the row; the resource itself is not printable
echo($row['text']);
?>


Again, this is very simple to inject. The idea here is to check $_GET['id'] for "illegal" substrings before it reaches the query, like this:
Code:

<?php
// Abort the request if the id contains any of these words (case-insensitive).
// This is a blacklist: anything not on the list still gets through.
$blacklist = array('union', 'select', 'information_');
foreach ($blacklist as $word) {
    if (strrpos(strtolower($_GET['id']), $word) !== false) {
        die;
    }
}

$result = mysql_query('SELECT text FROM pages WHERE id=' . $_GET['id']);
$row = mysql_fetch_assoc($result);
echo($row['text']);
?>
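To show how little the keyword check buys, here is an added example, not code from the original post. passes_blacklist() is the filter above written as a function with the same behaviour; the inputs are constructed test payloads; is_valid_page_id() is the whitelist check (accept only digits) a practitioner would use for a numeric id instead.

```php
<?php
// Added example, not code from the original post.
// Runs the keyword blacklist against inputs an attacker might send, shows
// which ones slip through and what SQL they would produce, and contrasts it
// with a whitelist that accepts nothing but a real page id.

// The post's "alternative two" filter, same behaviour, as a function.
function passes_blacklist($id)
{
    foreach (array('union', 'select', 'information_') as $word) {
        if (strrpos(strtolower($id), $word) !== false) {
            return false;   // the post calls die; here
        }
    }
    return true;
}

// Whitelist instead: a page id is one or more ASCII digits and nothing else.
// ctype_digit('') is false, so an empty id is rejected too.
function is_valid_page_id($id)
{
    return is_string($id) && ctype_digit($id);
}

// Constructed test inputs: one legitimate id, then payloads that contain
// none of the three blacklisted words, then the one case the list catches.
$inputs = array(
    '123',                  // normal request
    '1 OR 1=1',             // returns every page
    '0 OR id=2',            // reads a page the visitor was not given a link to
    '1 AND SLEEP(5)',       // time-based probe (MySQL SLEEP())
    '1; DROP TABLE pages',  // only matters if the driver allows stacked queries
    '1 UNION SELECT 1',     // blocked: contains "union" and "select"
);

printf("%-22s %-10s %-10s %s\n", 'input', 'blacklist', 'whitelist', 'query sent');
foreach ($inputs as $id) {
    printf(
        "%-22s %-10s %-10s %s\n",
        $id,
        passes_blacklist($id) ? 'PASS' : 'blocked',
        is_valid_page_id($id) ? 'PASS' : 'blocked',
        passes_blacklist($id) ? 'SELECT text FROM pages WHERE id=' . $id : '-'
    );
}
```

Every row except the last passes the blacklist and reaches the database unchanged, while the whitelist lets through only 123. Checking that the input is what you expect (a number) is a much smaller surface than enumerating what an attacker might type; the same whitelist can sit in front of the quoted-and-escaped query or the prepared statement from alternative one.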
