Comments on: Preventing MySQL Injection attacks with PHP

vv-reflex

Tue, 23 Mar 2010 00:55:42 GMT

You should set the single quote for the numeric values too !
Otherwise an efficient attack is:
map.php?id=24%20and%203%3D8%20union%20select%200x2128265E29284023... (cut url).
This attack allow hacker to browser your database !

jurerick

Fri, 09 Oct 2009 10:04:59 GMT

Wow great! thnx

NachoF

Thu, 28 Aug 2008 01:07:17 GMT

I am trying to replicate this vulnerabilities but I can never seem to actually exploit it...

$sql="SELECT login, password,privilegio FROM usuario WHERE login='".$login."' AND password='".$password."'";

I have tried typing ' OR ''='' into my input text box but it never passes the
if($num_rows>=1)
{
header("Location: frame1.html?nom=$login");
}

When I normally type the correct name and password it does.

lobo235

Tue, 19 Aug 2008 15:30:27 GMT

This code does not rely on a call to session_start(). You must have something else in your code that relies upon it.

killbill

Fri, 25 Jul 2008 19:19:07 GMT

Is there some reason I am missing why this code will only work when I create a session with session_start()

When I run this code on a form without session_start() is does not work?

Robert

Thu, 29 Nov 2007 18:07:27 GMT

the quote_smart function given here, taken from the php docs, has some flaws. you should refer to the notes in the documentation for updated versions and discussion on changes

http://us3.php.net/manual/en/function.mysql-real-escape-string.php#78893

lobo235

Tue, 20 Nov 2007 16:10:03 GMT

I am not familiar with MSSQL. I have only worked with Oracle and MySQL.

senthil

Tue, 20 Nov 2007 11:10:26 GMT

Its very good and it works fine
very useful function u have written
how to handle this in the case of mssql.
Expecting your reply

deepak

Tue, 06 Nov 2007 13:29:18 GMT

This is great web site to a beginer as well as a professional....
Really marvelleous...
Thanks fro this knid of depth internal knowledge...
Its really intresting to read this...