Tuesday, 17 October 2017

php - Protection against SQL injection





Does the following PHP MySQL statement protect against SQL
Injection? 




$strSQL =
            "SELECT * FROM Benutzer WHERE Benutzername = '".$Benutzer."' AND Password =
            '".md5($PW)."'";


The
Variables $Benutzer and $PW are inputs
from the User.



We're checking the username and
password against common SQL Injection
techniques:





' or 0=0 --, " or 0=0 --,
or 0=0
--, ' or 0=0 #,
" or 0=0 #, or 0=0 #, ' or
'x'='x, " or "x"="x,


') or ('x'='x, ' or 1=1--,
" or
1=1--, or 1=1--,
' or a=a--, "
or "a"="a,
') or ('a'='a, ") or

("a"="a, hi" or "a"="a, hi" or
1=1
--, hi' or 1=1 --, hi'
or 'a'='a, hi') or ('a'='a and hi")
or

("a"="a.




Am
I missing something? Should I use a different method to protect against SQL
injection?


itemprop="text">
class="normal">Answer





You may want to look into
parameterized queries for querying the database. This eliminates SQL injection
attacks.



I work primarily with postgreSQL, and
the format for doing such a query would look something like
this:



$query = 'select * from
            Benutzer where Benutzername = $1 and Passwort = $2';
$params =
            array($Benutzer, md5($PW));
$results = pg_query_params($query,
            $params);


Most
databases have a function that will be similar to this
funationality.




I hope this helps and
good luck!



Kyle



-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

php - file_get_contents shows unexpected output while reading a file

I want to output an inline jpg image as a base64 encoded string, however when I do this : $contents = file_get_contents($filename); print ...