Skip to main content

Secure your web page against SQL injection

There is a number of things you can do… I will show you a few here…
Alternative one
Lets say this is your code:
Code
<?php
$result = mysql_query(‘SELECT text FROM pages WHERE id=’ . $_GET['id']);
echo($result);
?>
This means that you are selecting the page content which is ‘text’ from ‘pages’ in the SQL database, and you are sorting out the right page content with $_GET['id'] and $_GET['id'] is the thing in the url… Example;
Code
http://google.com/index.php?id=123
This code is easily injectable… But if you do this:
Code
<?php
$result = mysql_query(‘SELECT text FROM pages WHERE id=’ . mysql_real_escape_string($_GET['id']));
echo($result);
?>
You are 100% secure
Alternative two
This one is not as good as the first one… But still works
Again we say this is your php code:
Code
<?php
$result = mysql_query(‘SELECT text FROM pages WHERE id=’ . $_GET['id']);
echo($result);
?>
Again this is very simple to inject… But if you check $_GET['id'] for “illegal” characters! Like this:
Code
<?php
$pos = strrpos(strtolower($_GET['id']), “union”);
if ($pos === false){}else
{
die;
}
$pos = strrpos(strtolower($_GET['id']), “select”);
if ($pos === false){}else
{
die;
}
$pos = strrpos(strtolower($_GET['id']), “information_”);
if ($pos === false){}else
{
die;
}
$result = mysql_query(‘SELECT text FROM pages WHERE id=’ . $_GET['id']);
echo($result);
?>

Labels

Labels:

Comments

Post a Comment

Popular posts from this blog

Adsense Alternatives

Many people have started using Google's AdSense program, but there are some who find it a bit too uncertain or simply not suiting their own requirements from an ad program. But thankfully for such people, there are many alternatives to AdSense which attempt to alleviate some of its shortcomings. Here is a list of the most noteworthy ones from the lot with a description concerning each one. AllFeeds (http://www.allfeeds.com/?action=publishers) AllFeeds has a great pool of online advertisers to choose from. It also features many display formats that you can choose from. These include banners, buttons, XML feeds, DHTML pop-ups and so on. It also features real time reporting of your ad status. The site will mail a check every month, provided that you earn more then $25.00, while rolling over earnings for the next month if you don't. Another interesting thing about AllFeeds is that it integrates with Google AdSense, maximizing your earnings with AdSense. MarketBanker (http://www.mar...
2 comments
Read more

AutoCAD 2011 KeyGen : AutoCAD 2011′s Serial, Activation, License Key, Product Key, Patch

[ How To Use ] Install Autodesk Autocad 2011 Use as Serial 356-72378422 .. or anything matching this template Use as Product Key 001C1 Finish the installation & restart Autodesk Product Before clicking on Activate You have 2 options (Choose option a or b) : - a) Disable Your network Card, pull the network cable out or block with firewall      (this is just to disable online serial check) OR - b) Click on Activate and it will tell you that your serial is wrong, simply click on close et click on activate again. Select “I have an activation code from Autodesk” Once at the activation screen : start XFORCE Keygen 32bits version if you are installing a 32bits application and 64bits if you are installing a 64bits application. Click on Mem Patch (you should see successfully patched) Copy the request code into the keygen and press generate Now copy the activation code back to the activation screen and click Next You have a fully registered autodesk product NO LAME...
Post a Comment
Read more

How To Hack Gmail Account Password Working 100 Percent

1st.. NOTE: This is for Educational Purpose Only. hackingfreaks.in is not responsible for any damage done by You. Things That you Need for Hacking Gmail Account Password: 1. Gmail Phisher 2. Free Web hosting Site 3. Little bit of manual Work :P Introduction to Phishing:- If you know little bit of Hacking then Its must for you know About Phishing i.e What is Phishing and how it works and most important How you can protect yourself from getting into the Trap. I will try to explain all of these in my article. First of all What are Phish pages and what is phishing?? Phish pages are basically the fake pages or virtual pages that looks similar to the original website Page. The only difference is the batch program running in the background i.e Original Webpage sends requests to Gmail server while Phish Page sends request to hacker’s php server. Now Phishing is a password hacking technique commonly used by hackers using phish pages that looks similar to original web page. The only...
5 comments
Read more