SQL Injection in action with PHP and MySQL

6,068 views

A hands-on example of SQL injection using PHP and MySQL.
It also offers an overview of how SQL injection gets into our applications and how we can overcome it.

Published in: Engineering
  • Preventing SQL injections is not that big of a task. There are two easy methods to prevent the PHP SQL injection (https://www.cloudways.com/blog/protect-php-website-sql-injection/) vulnerability. You can use a prepared statement or you can also use the str_replace() function in your script to prevent it.

  1. SQL INJECTION IN ACTION
     Pradeep Kumar

  2. What is SQL Injection?
     • SQL injection is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).
     • SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed.

  3. Causes of SQL Injection
     • Incorrectly filtered escape characters
       The attacker sends the following input in a text field and the developer doesn't filter it before further computation.

           myuser' or 'foo' = 'foo' --

     • Incorrect type handling or passing wrong data to the DB
       The developer sends this unfiltered data to the database.

           <?php
           $sql = "SELECT * FROM users WHERE username = 'myuser' or 'foo' = 'foo' -- AND password = 'a029d0df84eb5549c641e04a9ef389e5'";
           ?>

  4. SQL Injection Example
     HTML File – [index.html]

         <form action="injection.php" method="POST">
           <p>
             Username: <input type="text" name="username" />
           </p>
           <p>
             Password: <input type="password" name="password" />
           </p>
           <p>
             <input type="submit" value="Log In" />
           </p>
         </form>

  5. SQL Injection Example
     PHP File – [injection.php]

         <?php
         // connection to the database and select a DB to work with
         $dbhandle = mysql_connect('localhost', 'root', '') or die('MySQL not connected');
         mysql_select_db('php_security', $dbhandle) or die('Could not select php_security');

         // execute the SQL query and return records
         $username = $_POST["username"];
         $password = $_POST["password"];

         // uncomment these to fix SQL injection
         //$username = mysql_real_escape_string( $_POST["username"] );
         //$password = mysql_real_escape_string( $_POST["password"] );

         $query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
         $result = mysql_query($query, $dbhandle);

         // fetch the data from the database
         $num = mysql_num_rows($result);
         if ($num > 0) {
             print 'got a matching user';
         }

         // close the connection
         mysql_close($dbhandle);

  6. What’s wrong with the code

         // execute the SQL query and return records
         $username = $_POST['username'];
         $password = $_POST['password'];
         $query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";

     In the above example, if we take $password as

         myuser' or 'foo' = 'foo

     $query becomes

         SELECT * FROM users WHERE username = 'prady' AND password = 'myuser' or 'foo' = 'foo'

     Because AND binds tighter than OR, the trailing 'foo' = 'foo' makes the WHERE clause true for every row, so the login check passes without a valid password.

  7. Fixing the code

         // execute the SQL query and return records
         $username = mysql_real_escape_string( $_POST['username'] );
         $password = mysql_real_escape_string( $_POST['password'] );
         // The escaped values must sit inside quotes in the query;
         // escaping does not protect a value that is interpolated unquoted.
         $query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";

  8. Complete code
     A copy of the complete code is available here: https://github.com/prady00/php-security-essentials

  9. Need help?
     Please connect via email: pradeep.online00@gmail.com

  10. Thank you
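
The login check from slides 5 to 7 rewritten with a parameterized query, next to the concatenated form, as an added example that is not part of the original slides or the author's repository. It assumes PHP with the PDO SQLite driver and an in-memory table holding one constructed user row; the function names login_concat and login_prepared are hypothetical.

```php
<?php
// Added example, not code from the slides. An in-memory SQLite database is
// used through PDO so the script runs offline (assumption: pdo_sqlite is
// installed). The table mirrors the users table queried in injection.php.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)');
// Constructed sample row; the password value is a placeholder.
$pdo->exec("INSERT INTO users VALUES ('prady', 'constructed-secret')");

// Form used on slide 5: the input becomes part of the SQL text itself.
function login_concat(PDO $pdo, string $username, string $password): bool
{
    $query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
    return $pdo->query($query)->fetch() !== false;
}

// Parameterized form: the SQL text is fixed and the input is bound as data,
// so a quote character in the input cannot change the structure of the query.
function login_prepared(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare(
        'SELECT 1 FROM users WHERE username = :username AND password = :password'
    );
    $stmt->execute([':username' => $username, ':password' => $password]);
    return $stmt->fetch() !== false;
}

// The input shown on slide 6, submitted as the password.
$payload = "myuser' or 'foo' = 'foo";

// Concatenated query: the OR clause makes the WHERE true for every row.
var_dump(login_concat($pdo, 'prady', $payload));

// Prepared query: the same input is compared as a literal string and no
// row matches it.
var_dump(login_prepared($pdo, 'prady', $payload));

// The prepared query still accepts the real credentials.
var_dump(login_prepared($pdo, 'prady', 'constructed-secret'));
```

Against MySQL only the DSN passed to PDO changes; setting PDO::ATTR_EMULATE_PREPARES to false makes the driver use server-side prepared statements.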
