Tuesday 17 October 2017

php - Protection against SQL injection





Does the following PHP MySQL statement protect against SQL
Injection?




$strSQL =
"SELECT * FROM Benutzer WHERE Benutzername = '".$Benutzer."' AND Password =
'".md5($PW)."'";


The
Variables $Benutzer and $PW are inputs
from the User.



We're checking the username and
password against common SQL Injection
techniques:





' or 0=0 --, " or 0=0 --,
or 0=0
--
, ' or 0=0 #,
" or 0=0 #, or 0=0 #, ' or
'x'='x
, " or "x"="x,


') or ('x'='x, ' or 1=1--,
" or
1=1--
, or 1=1--,
' or a=a--, "
or "a"="a
,
') or ('a'='a, ") or

("a"="a
, hi" or "a"="a, hi" or
1=1
--
, hi' or 1=1 --, hi'
or 'a'='a
, hi') or ('a'='a and hi")
or

("a"="a
.




Am
I missing something? Should I use a different method to protect against SQL
injection?


itemprop="text">
class="normal">Answer





You may want to look into
parameterized queries for querying the database. This eliminates SQL injection
attacks.



I work primarily with postgreSQL, and
the format for doing such a query would look something like
this:



$query = 'select * from
Benutzer where Benutzername = $1 and Passwort = $2';
$params =
array($Benutzer, md5($PW));
$results = pg_query_params($query,
$params);


Most
databases have a function that will be similar to this
funationality.




I hope this helps and
good luck!



Kyle



No comments:

Post a Comment

php - file_get_contents shows unexpected output while reading a file

I want to output an inline jpg image as a base64 encoded string, however when I do this : $contents = file_get_contents($filename); print &q...