SQL INJECTION PART 2
1) Create one table with the fields and records as given for the example.
2) Create one PHP page and write the code for login... but this is very dangerous code, because we have not guarded it against SQL injection.
3) In the previous example we have already seen this.
Here the user can enter any value and may be able to log in. So we have another way to protect the login process. Open the php.ini file...
Find the line MAGIC QUOTES FOR INCOMING GET/POST/COOKIE DATA.
What does this do?
It automatically escapes a string like the one written above when you submit your data.
So in the php.ini file set magic_quotes_gpc=On to turn it ON, and RESTART YOUR APACHE...
Now when you run the page and enter the above string, it gives us the output "INVALID USER NAME AND PASSWORD". So without changing our code we have handled SQL INJECTION.
If we set magic_quotes_gpc=Off to turn it OFF again (RESTART APACHE)... is there any other way to handle SQL INJECTION?
Then in PHP we have one function named mysql_real_escape_string(). It escapes the special characters, and it does escape SINGLE QUOTES...
Wrap the values in your WHERE condition with the above function...
Then try to run the page, and also make the change in the if condition...
WHY ==1 ????
If the condition is >=1 then it may return more than one row... but for login we have a unique USER NAME... So always specify the if condition == 1...
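The three stages of the procedure above, as an added example that is not the post's own code: the dangerous concatenated query, the escaping that magic_quotes_gpc and mysql_real_escape_string() apply to the input, and, as a step beyond the post, a mysqli prepared statement with the == 1 row check. It assumes a `users` table with `id`, `username` and `password` columns (and, for the last function only, a `password_hash` column holding password_hash() output) and placeholder connection details; mysqli is used in place of the post's mysql_* functions, which were removed in PHP 7.

```php
<?php
// Added example for this post (not the post's own code). Assumes a MySQL
// table `users` (id, username, password[, password_hash]) and a mysqli
// connection; the connection details below are placeholders.

declare(strict_types=1);

// Step 2 of the post: the dangerous version. Both values are pasted straight
// into the SQL text, so a single quote inside the input ends the string
// literal and whatever follows it is parsed as SQL instead of as data.
function buildLoginSqlVulnerable(string $user, string $pass): string
{
    return "SELECT id FROM users WHERE username = '$user' AND password = '$pass'";
}

// What magic_quotes_gpc=On did for you: every incoming GET/POST/COOKIE value
// was passed through addslashes(), which backslash-escapes ' " \ and NUL.
// The setting was removed in PHP 5.4, so this only illustrates the behaviour.
function escapeLikeMagicQuotes(string $value): string
{
    return addslashes($value);
}

// The post's second method: escape explicitly in code. The post calls
// mysql_real_escape_string(); the mysqli equivalent is used here. It needs a
// live connection because the escaping depends on the connection's charset.
function buildLoginSqlEscaped(mysqli $db, string $user, string $pass): string
{
    $u = $db->real_escape_string($user);
    $p = $db->real_escape_string($pass);
    return "SELECT id FROM users WHERE username = '$u' AND password = '$p'";
}

// One step beyond the post: a prepared statement sends the SQL text and the
// values separately, so there is no escaping step to forget. The password is
// checked against a password_hash() value instead of stored plaintext.
// The row-count check is the post's "== 1": usernames are unique, so anything
// other than exactly one matching row is treated as a failed login.
function loginPrepared(mysqli $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->bind_param('s', $user);
    $stmt->execute();
    $stmt->bind_result($hash);

    $rows = 0;
    $ok = false;
    while ($stmt->fetch()) {
        $rows++;
        $ok = password_verify($pass, (string) $hash);
    }
    $stmt->close();

    return $rows === 1 && $ok;
}

// Demo with a constructed input: a username that legitimately contains a
// single quote. Only the escaped form keeps it inside the string literal.
$user = "O'Brien";
$pass = 'secret';
echo buildLoginSqlVulnerable($user, $pass), PHP_EOL;
echo buildLoginSqlVulnerable(
    escapeLikeMagicQuotes($user),
    escapeLikeMagicQuotes($pass)
), PHP_EOL;

// Uncomment and fill in the placeholder credentials to run the DB part:
// $db = new mysqli('localhost', 'DB_USER', 'DB_PASSWORD', 'DB_NAME');
// echo buildLoginSqlEscaped($db, $user, $pass), PHP_EOL;
// var_dump(loginPrepared($db, $user, $pass));
```

Running the script prints the raw query, where the quote in O'Brien breaks the string literal, followed by the escaped query, where it is written as O\'Brien and stays data. Of the three approaches, only the prepared statement does not depend on every code path remembering to escape, which is why it is the one to keep in new code.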