There are a number of things you can do. I will show you a few here.
Alternative one
Let's say this is your code:
Code
<?php
// Vulnerable: $_GET['id'] is pasted straight into the SQL text.
$result = mysql_query('SELECT text FROM pages WHERE id=' . $_GET['id']);
$row = mysql_fetch_assoc($result);
echo($row['text']);
?>
This selects the page content (the 'text' column) from the 'pages' table, and picks the right page using $_GET['id'], which is the value taken from the URL. Example:
Code
http://google.com/index.php?id=123
This code is trivially injectable: whatever follows id= in the URL becomes part of the SQL statement. The first suggestion is to escape the value before using it:
Code
<?php
// Escaped, but still concatenated into an unquoted numeric position.
$result = mysql_query('SELECT text FROM pages WHERE id=' . mysql_real_escape_string($_GET['id']));
$row = mysql_fetch_assoc($result);
echo($row['text']);
?>
This is not enough on its own. mysql_real_escape_string only backslash-escapes quote characters, backslashes, NUL and newlines; it is meant for a value that goes inside a quoted string literal. Here the value is concatenated into an unquoted numeric position, so an id of 1 OR 1=1 contains nothing to escape and still changes the query. Since id is supposed to be an integer, cast it with (int)$_GET['id'] before building the query, or better, use a prepared statement with mysqli or PDO so the value is never part of the SQL text at all. Note also that the mysql_* functions are deprecated since PHP 5.5 and were removed in PHP 7; new code should use mysqli or PDO.
Alternative two
This one is weaker than the first: a keyword blacklist is easy to get past, so treat it as defence in depth at most, not as a fix.
Again, say this is your PHP code:
Code
<?php
// Vulnerable: $_GET['id'] is pasted straight into the SQL text.
$result = mysql_query('SELECT text FROM pages WHERE id=' . $_GET['id']);
$row = mysql_fetch_assoc($result);
echo($row['text']);
?>
Again this is very simple to inject. The idea here is to check $_GET['id'] for "illegal" keywords before using it, like this:
Code
<?php
// Blacklist check: refuse the request if any of these keywords appears (case-insensitive).
$blacklist = array('union', 'select', 'information_');
$id = strtolower($_GET['id']);
foreach ($blacklist as $word) {
    if (strrpos($id, $word) !== false) {
        die;
    }
}
// Still vulnerable: an id like "1 OR 1=1" contains none of these words and gets through.
$result = mysql_query('SELECT text FROM pages WHERE id=' . $_GET['id']);
$row = mysql_fetch_assoc($result);
echo($row['text']);
?>
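As an added example (not code from the original page), here are both alternatives above recreated side by side with the two real fixes. It is written in Python against an in-memory SQLite table rather than PHP and MySQL so that it runs offline: the escape_string helper emulates the set of characters mysql_real_escape_string escapes, and the pages table with its two rows is constructed for the example. Running it shows that an id of 1 OR 1=1 passes both the escaping and the keyword blacklist and returns every row, while the integer cast and the parameterized query return nothing for it and still find the page for a plain numeric id.

```python
import re
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the page's `pages` table (example data)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE pages (id INTEGER PRIMARY KEY, text TEXT);
        INSERT INTO pages VALUES (1, 'public page');
        INSERT INTO pages VALUES (2, 'secret page');
    """)
    return conn


def escape_string(value):
    """Emulates mysql_real_escape_string: backslash-escapes NUL, newline,
    carriage return, backslash, single/double quote and Ctrl-Z.
    Note what it does NOT touch: spaces, '=', digits and SQL keywords."""
    return re.sub(r"([\x00\n\r\\'\"\x1a])", r"\\\1", value)


def query_alternative_one(conn, user_id):
    """Page's alternative one: escape, then concatenate into an UNQUOTED numeric slot."""
    sql = "SELECT text FROM pages WHERE id=" + escape_string(user_id)
    return [row[0] for row in conn.execute(sql)]


BLACKLIST = ("union", "select", "information_")


def passes_blacklist(user_id):
    """Page's alternative two: reject when any blacklisted keyword appears."""
    lowered = user_id.lower()
    return not any(word in lowered for word in BLACKLIST)


def query_alternative_two(conn, user_id):
    """Blacklist check, then the same raw concatenation. None stands for PHP's die."""
    if not passes_blacklist(user_id):
        return None
    sql = "SELECT text FROM pages WHERE id=" + user_id
    return [row[0] for row in conn.execute(sql)]


def query_int_cast(conn, user_id):
    """Fix A: id must be an integer, so make it one before it touches SQL text.
    Non-numeric input is rejected instead of being concatenated."""
    try:
        page_id = int(user_id)
    except ValueError:
        return []
    return [row[0] for row in conn.execute("SELECT text FROM pages WHERE id=" + str(page_id))]


def query_parameterized(conn, user_id):
    """Fix B: parameterized query. The value travels as data, never as SQL text,
    so neither quotes nor keywords in it can change the statement."""
    return [row[0] for row in conn.execute("SELECT text FROM pages WHERE id=?", (user_id,))]


if __name__ == "__main__":
    conn = make_db()
    for payload in ("2", "1 OR 1=1", "1 UNION SELECT 1"):
        print(repr(payload))
        print("  escaped+concat :", query_alternative_one(conn, payload))
        print("  blacklist      :", query_alternative_two(conn, payload))
        print("  int cast       :", query_int_cast(conn, payload))
        print("  parameterized  :", query_parameterized(conn, payload))
```

The integer cast works only because this particular parameter is numeric; for string parameters (a search term, a username) the parameterized query is the general answer, and it is the one to use everywhere rather than reasoning per field about which escaping or filter might suffice.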