Skip to main content

Secure your web page against SQL injection

There is a number of things you can do… I will show you a few here…
Alternative one
Lets say this is your code:
Code
<?php
$result = mysql_query(‘SELECT text FROM pages WHERE id=’ . $_GET['id']);
echo($result);
?>
This means that you are selecting the page content which is ‘text’ from ‘pages’ in the SQL database, and you are sorting out the right page content with $_GET['id'] and $_GET['id'] is the thing in the url… Example;
Code
http://google.com/index.php?id=123
This code is easily injectable… But if you do this:
Code
<?php
$result = mysql_query(‘SELECT text FROM pages WHERE id=’ . mysql_real_escape_string($_GET['id']));
echo($result);
?>
You are 100% secure
Alternative two
This one is not as good as the first one… But still works
Again we say this is your php code:
Code
<?php
$result = mysql_query(‘SELECT text FROM pages WHERE id=’ . $_GET['id']);
echo($result);
?>
Again this is very simple to inject… But if you check $_GET['id'] for “illegal” characters! Like this:
Code
<?php
$pos = strrpos(strtolower($_GET['id']), “union”);
if ($pos === false){}else
{
die;
}
$pos = strrpos(strtolower($_GET['id']), “select”);
if ($pos === false){}else
{
die;
}
$pos = strrpos(strtolower($_GET['id']), “information_”);
if ($pos === false){}else
{
die;
}
$result = mysql_query(‘SELECT text FROM pages WHERE id=’ . $_GET['id']);
echo($result);
?>
Labels:

Comments

Post a Comment

Popular posts from this blog

Valentine's week

Celebrate your Valentine's week with  Your Valentine 7 Feb Rose Day 8 Feb Propose Day 9 Feb Chocolate Day 10 Feb Teddy Day 11 Feb Promise Day 12 Feb Kiss Day 13 Feb Hug Day 14 Feb VALENTINE'S DAY 15 Feb Slap Day 16 Feb Kick Day 17 Feb Perfume Day 18 Feb Flirting Day 19 Feb Confession Day I want to confess dear sweetheart!! (*-*) 21 Feb Break Up
Post a Comment
Read more

Free download XSS SHELL v0.3.8

XSS SHELL v0.3.8 WHAT IS XSS SHELL ? XSS Shell is powerful a XSS backdoor and zombie manager. This concept first presented by "XSS-Proxy - http://xss-proxy.sourceforge.net/  ". Normally in XSS attacks attacker has one shot, in XSS Shell you can interactively send requests and get responses from victim. you can backdoor the page.  You can steal basic auth, you can bypass IP restrictions in administration panels, you can DDoS some systems with a permanent XSS vulnerability etc. Attack possibilities are limited with ideas. Basically this tool demonstrates that you can do more with XSS. FEATURES XSS Shell has several features to gain whole access over victim. Also you can simply add your own commands.  Most of the features can enable or disabled from configuration or can be tweaked from source code. Features; - Regenerating Pages - This is one of the key and advanced features of XSS Shell. XSS Shell re-renders the infected page and keep user in virtual environment...
Post a Comment
Read more

How To Hack Gmail Account Password Working 100 Percent

1st.. NOTE: This is for Educational Purpose Only. hackingfreaks.in is not responsible for any damage done by You. Things That you Need for Hacking Gmail Account Password: 1. Gmail Phisher 2. Free Web hosting Site 3. Little bit of manual Work :P Introduction to Phishing:- If you know little bit of Hacking then Its must for you know About Phishing i.e What is Phishing and how it works and most important How you can protect yourself from getting into the Trap. I will try to explain all of these in my article. First of all What are Phish pages and what is phishing?? Phish pages are basically the fake pages or virtual pages that looks similar to the original website Page. The only difference is the batch program running in the background i.e Original Webpage sends requests to Gmail server while Phish Page sends request to hacker’s php server. Now Phishing is a password hacking technique commonly used by hackers using phish pages that looks similar to original web page. The only...
5 comments
Read more