#1
Hi
I am in the happy stages of finishing my project off for university when someone happens to mention the phrase "SQL injection". I now understand what it is but... (To all those who don't, it's the ability to insert extra SQL commands through a text field in a form that could allow direct access to the database. I found a really useful document at http://www.spidynamics.com/papers/S...nWhitePaper.pdf. It is in ASP but the concept remains the same.)

Does SQL injection affect PHP? I have tried it and it returns /' instead of ', which is needed for SQL injection. For example, using the example code below, if I was to do a SQL injection attack I could use the following, inserting this into my form:

1';Drop project1 database; SELECT * from Table1 where a = 'a

In ASP to the SQL server it would appear as

select a from Table1 where a ='1';Drop project1 database; SELECT * from Table1 where a = 'a';

which would be terrible for my project as it would delete the database called project1. Whereas in PHP it would appear as

select a from Table1 where a ='1/';Drop project1 database; SELECT * from Table1 where a = /'a';

which would make the SQL query invalid and so not run.

Am I right that PHP is secure and safe from SQL injection attacks in this case? Or is there syntax to insert a ' without a /? Any other security holes I should be aware of? If you do know a way of breaking through this in PHP and a way to stop it, please let me know.

The code for testing? PHP Code:
#2
You should really handle this in your code. I'm guessing that your server has the switch turned on that automatically escapes quotes. If you were to move your code to another server that didn't have this turned on and you didn't have other measures in place, you could find your code suddenly insecure.
One thing you can do is to always verify that you're getting what you expect. Run intval() on values that you expect to be integers, for example. I also usually run a function on all GET and POST vars that runs some regular expressions on each value to make sure people aren't trying to inject SQL code. If I see "INSERT INTO [something]" or "DELETE FROM [something]" or other obvious attempts to inject SQL, I log the attempt and redirect to an error page before I've ever even gotten to the actual business logic of my code. This works fine for me because my applications aren't typically ones that require people to submit SQL code. PHP's definitely not safe from SQL injection, and you should make sure your code's safe rather than relying on server settings that could change out from under you with nary a warning. Sounds like you're heading down the right path and have a pretty good grasp on the issue.
__________________
Please don't PM me asking for solutions outside the scope of a thread. Keeping all responses in a thread stands to help others who come along later, which is after all what this forum's all about.
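As an added example (not code from the thread or its posters), here is the lookup from post #1 written three ways in PHP: the string-built query that is safe only while the server escapes quotes for you, the intval() check from this reply, and a prepared statement that depends on neither. It assumes PHP with the pdo_sqlite extension; the table, rows and function names are constructed for the illustration.

```php
<?php
// Added example, not code from the thread. The lookup from post #1 written
// three ways against an in-memory SQLite database (needs the pdo_sqlite
// extension); the table and rows are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE Table1 (id INTEGER PRIMARY KEY, a TEXT NOT NULL)");
$db->exec("INSERT INTO Table1 (a) VALUES ('1'), ('foo')");

// 1. String building, as in the thread: only as safe as whatever escaped the
//    quote before this ran (the server's magic_quotes_gpc switch). Move to a
//    server with that switch off and a quote in $a closes the literal.
function lookupConcat(PDO $db, string $a): array
{
    $sql = "SELECT id, a FROM Table1 WHERE a = '$a'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// 2. Post #2's advice for numeric input: intval() keeps only the leading
//    integer of whatever was submitted, so nothing but a number reaches SQL.
function lookupById(PDO $db, $id): array
{
    $id = intval($id);
    return $db->query("SELECT id, a FROM Table1 WHERE id = $id")
              ->fetchAll(PDO::FETCH_ASSOC);
}

// 3. Prepared statement: the value is bound as data and never parsed as SQL,
//    whatever quotes it contains and whatever the server's escaping setting.
function lookupPrepared(PDO $db, string $a): array
{
    $stmt = $db->prepare("SELECT id, a FROM Table1 WHERE a = :a");
    $stmt->execute([':a' => $a]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The thread's payload as constructed input: through a prepared statement it
// is an ordinary string that matches no row, and Table1 is untouched.
$payload = "1'; DROP TABLE Table1; SELECT * FROM Table1 WHERE a = 'a";
print_r(lookupPrepared($db, $payload));
print_r(lookupPrepared($db, '1'));
print_r(lookupById($db, "1'; DROP TABLE Table1; --"));
echo "rows left: ", $db->query("SELECT COUNT(*) FROM Table1")->fetchColumn(), "\n";
// lookupConcat() is defined above only for comparison; never pass it raw form data.
```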
#3
Many thanks for the reply.
I never thought it could be a setting in my server. I have to look into this.
Dave
#4
I read somewhere that simply replacing semicolons with a null character ruins most attacks... however this might also affect the data being sent (if it's an essay or some kind of, well, paper which uses semicolons)...
Just another point of view