SQL Injection

by deva 2007-09-28 11:50:07


What is SQL Injection.

SQL injection is entry of wrong data in your database with or without knowing. Such data is wrong in the sense that it does not stop the SQL query from running, but the query produces wrong results. consider the below example of a user login..

----a good user's name:----

$name = "timmy";
$query = "SELECT * FROM customers WHERE username = '$name'";
echo "Normal: " . $query . "<br />";

Display:
Normal: SELECT * FROM customers WHERE username = 'timmy'

MySQL statement will just select everything from customers that has a username equal to timmy.


----wrong user input - SQL Injection:----

$name_bad = "' OR 1'";
$query_bad = "SELECT * FROM customers WHERE username = '$name_bad'";
echo "Injection: " . $query_bad;

Display:
Injection: SELECT * FROM customers WHERE username = '' OR 1''

By using a single quote (') they have ended the string part of our MySQL query
* username = ' '

and then added on to our WHERE statement with an OR clause of 1 (always true).
* username = ' ' OR 1

This OR clause of 1 will always be true and so every single entry in the customers table would be selected by this statement!

Tagged in:

1107
like
0
dislike
0
mail
flag

You must LOGIN to add comments