SQL Injection Attack - PHP & MySQL

In this attack, a  hacker is able to execute SQL queries in your website's database. This attack is usually performed by entering text into a form field which causes a subsequent SQL query, generated from the PHP form processing code, to execute part of the content of the form field as though it were SQL. The effects of this attack range from the harmless (simply using SELECT to pull another data set) to the devastating (DELETE, for instance).

It is a basically a trick to inject SQL command or query as a input mainly in the form of the POST or GET method in the web pages. Most of the websites takes parameter from the form and make SQL query to the database.
For a example, in a product detail page of php, it basically takes a parameter product_id from a GET method and get the product detail from database using SQL query. With SQL injection attack, a intruder can send a crafted SQL query from the URL of the product detail page and that could possibly do lots of damage to the database. And even in worse scenario, it could even drop the database table as well.


For Example
you have login page and ask user to login via putting username & password into form.
suppose that a intruder called user injected x’ OR ‘x’='x in the username field and x’ OR ‘x’='x in the password field. Then the final query will become like this.

SELECT * FROM users WHERE username=’x’ OR ‘x’='x’ AND password=’x’ OR ‘x’='x’;

Now what happen, it will return the first record of table users 

&

user who is not authorize, will be able to login in website.

use mysql_real_escape_string function to avoid the problem.




http://dev.mysql.com/tech-resources/articles/guide-to-php-security-ch3.pdf


How can I prevent SQL-injection in PHP?
1. USe PDO

$stmt = $pdo->prepare('SELECT * FROM users WHERE name = :name');
$stmt->execute(array('name' => $name));
foreach ($stmt as $row) {
    /* Do your Action **/

    /* Do your Action **/
}

2. USe MySqlI instead of MySQL. MySQLI is far better than MySql

$stmt = $dbConnection->prepare('SELECT * FROM users WHERE name = ?');
$stmt->bind_param('s', $name);
$stmt->execute();
$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
    /* Do your Action **/

    /* Do your Action **/
}

3. Use framework and execute the query with framework like zend, cakephp and magento etc. But for this you must install the framework.

Best Related Posts are Following:

1. How can I prevent SQL-injection in PHP?.
2. What is Best method for sanitizing user input with PHP?.
3. Difference between Notice and warning and fatal error.
4. How can I prevent SQL-injection in PHP [SOLVED].
5. PHP Register Globals.
6. PHP Sessions and Cookie and Security.
7. Free Boost Web Application By 20% in Simple Steps.
8. PHP Check Mime Type of File - Return Information About A File.
9. Crontab Interview Questions and Answers.
10. Improve Ajax Performance.
11. PHP Captcha Code Example Code Snippets.
12. PHP - Secure Ajax Call from Hackers - Example.
13. htaccess code snippets example.
14. Manage Cron Job with PHP - SSH2 Connection.
15. Shared Server Security Risk open_basedir disable_functions disable_classes.
16. Spoofed Forms - Stop Spoofed Form Submissions.
17. Session Fixation.
18. Session Hijacking.
19. openssl private encrypt.
20. Cross Site Request Forgery.
21. SQL Injection Attack - PHP & MySQL.
22. Cross-Site Scripting.
23. PHP INI settings.

Cross-Site Scripting - cross site scripting examples

Cross Site Scripting, OR XSS, is a way for hackers to gather your website’s user data by using malicious markup or JavaScript code to trick a user, or their browser, to follow a bad link or present their login details to a fake login screen that instead of logging them in, steals their personal information. The best way to defend against XSS is following...

Strip html tags like h1, <script>, for this use php strip_tags function

escape the data before showing on website, for this use htmlentities function.


An Example:
A basic example of XSS is when a malicious user injects a script in a legitimate shopping site URL which in turn redirects a user to a fake but identical page. The malicious page would run a script to capture the cookie of the user browsing the shopping site, and that cookie gets sent to the malicious user who can now hijack the legitimate user’s session. Although no real hack has been performed against the shopping site, XSS has still exploited a scripting weakness in the page to snare a user and take command of his session. A trick which often is used to make malicious URLs less obvious is to have the XSS part of the URL encoded in HEX (or other encoding methods). This will look harmless to the user who recognizes the URL he is familiar with, and simply disregards and following ‘tricked’ code which would be encoded and therefore inconspicuous.

Best Related Posts are Following:

1. How can I prevent SQL-injection in PHP?.
2. What is Best method for sanitizing user input with PHP?.
3. How can I prevent SQL-injection in PHP [SOLVED].
4. PHP Register Globals.
5. PHP - Secure Ajax Call from Hackers - Example.
6. htaccess code snippets example.
7. Manage Cron Job with PHP - SSH2 Connection.
8. Shared Server Security Risk open_basedir disable_functions disable_classes.
9. Spoofed Forms - Stop Spoofed Form Submissions.
10. Session Fixation.
11. Session Hijacking.
12. openssl private encrypt.
13. Cross Site Request Forgery.
14. SQL Injection Attack - PHP & MySQL.
15. Cross-Site Scripting.
16. PHP INI settings.