Friday, 4 December 2015

50_SQL_INJECTION

SQL INJECTION


1) In this example we are going to learn about SQL injection, but before that let's revise the login concept.





You can see that whenever you run the page, it gives the output LOGIN…


But if the user enters something other than HARSHIDA and PARMAR, something happens that our program should not allow. Check it out in the code below…




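So here you can see that the user name is "' OR ' '='" and the user's last name is also "' OR ' '='". When this query is executed, the condition reads:
' ' :- Nothing
OR
' ' = ' ' :- Nothing equals Nothing
Because nothing always equals nothing, the condition is true for every row.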


When we run the page, it returns all the IDs from the table…





So we can understand that a user may enter something like this into the textbox and run the query…


We have several ways to protect against SQL injection…


1) Open phpMyAdmin and select the Privileges tab, then uncheck the checkboxes for the privileges you want to remove…
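
A second protection, shown as an added example that is not code from the original post: a prepared statement next to the string-built query, both given the input from above. The table name users, the columns fname and lname, the function names and the in-memory SQLite database (standing in for MySQL so the script runs on its own) are assumptions.

```php
<?php
// Constructed sample data; in-memory SQLite stands in for the MySQL table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, fname TEXT, lname TEXT)");
$db->exec("INSERT INTO users (fname, lname) VALUES
           ('HARSHIDA', 'PARMAR'), ('ALICE', 'EXAMPLE'), ('BOB', 'EXAMPLE')");

// Vulnerable form: the input is pasted into the SQL text, so a quote in
// the input ends the string literal and the rest is parsed as SQL.
function login_concat(PDO $db, string $fname, string $lname): array
{
    $sql = "SELECT id FROM users WHERE fname = '$fname' AND lname = '$lname'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: the SQL text is fixed and the input is bound to the
// placeholders, so it is only ever compared as a value.
function login_prepared(PDO $db, string $fname, string $lname): array
{
    $stmt = $db->prepare("SELECT id FROM users WHERE fname = ? AND lname = ?");
    $stmt->execute([$fname, $lname]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// The input described in this post, typed into both textboxes.
$payload = "' OR ' '='";

$cases = [
    'valid login'   => ['HARSHIDA', 'PARMAR'],
    'post\'s input' => [$payload, $payload],
];

foreach ($cases as $label => [$fname, $lname]) {
    $concat   = login_concat($db, $fname, $lname);
    $prepared = login_prepared($db, $fname, $lname);
    printf("%-13s concat: %d row(s) [%s]  prepared: %d row(s) [%s]\n",
        $label,
        count($concat), implode(',', $concat),
        count($prepared), implode(',', $prepared));
}
```

With the string-built query the input matches every row in the table; with the prepared statement it matches none, because no user has that text as a name.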

