Adrian Collier - SQL Injection

SQL Injection

SQL injection is the act of smuggling arbitrary SQL into a query through user-supplied data, tricking the application into running a statement it never intended. Depending on the query, an attacker can log in as an administrator without knowing the password, read other users' records, or delete or modify data.

To prevent SQL injection you must validate and sanitize every piece of user input before it reaches a query. Validate first: if a field is supposed to contain a number, check that the submitted value really is a number and reject anything else, because a numeric value is normally placed in the query without quotes and escaping cannot protect it there.


// Reject anything that is not a number before it gets anywhere near the query.
// is_numeric() also accepts floats and exponent notation such as "1e3";
// filter_var($_POST['number'], FILTER_VALIDATE_INT) is the stricter check for integers.
if(!is_numeric($_POST['number'] ?? '')) die('Please choose a number.');


Sanitizing data before it goes into a query means escaping the characters that could change the meaning of the SQL, above all single quotes and backslashes. addslashes() is not enough: it knows nothing about the connection's character set, so in some multibyte encodings a crafted byte sequence can still end a string early. For MySQL, mysql_real_escape_string() escapes using the connection's character set and makes user data safe to place inside a quoted string in the query. It does nothing for values used without quotes (numbers, column names, ORDER BY clauses), and the mysql_* extension it belongs to was removed in PHP 7, so new code should use mysqli_real_escape_string() or, better, prepared statements with bound parameters (mysqli or PDO), which keep data and SQL separate regardless of context.


// Escape with the connection's character set, then quote into the query.
// (mysql_* was removed in PHP 7: use mysqli_real_escape_string($link, ...) or prepared statements.)
$username=mysql_real_escape_string($_POST['username']);
$password=mysql_real_escape_string($_POST['password']);
// Escaping only protects values that sit inside quotes, as both do here.
$sql="SELECT * FROM users WHERE username='$username' AND password='$password'";
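The following is an added example, not code from the original post. It builds the same login query three ways and runs each against a throwaway in-memory SQLite database through PDO (assumed available, as it is in most PHP installs), so it runs offline. The table, the two users and the attacker inputs are constructed for the demo. PDO::quote() stands in for mysql_real_escape_string(), which no longer exists in current PHP; it does the same job of escaping and additionally wraps the value in quotes. The last part shows the numeric case from the paragraph on validation, where escaping cannot help and only validation or a bound parameter does.

```php
<?php
// Added example (not from the original post). Passwords are stored in
// plaintext only to keep the demo short; real code uses password_hash().
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, is_admin INTEGER)");
$db->exec("INSERT INTO users VALUES (1, 'admin', 's3cret', 1), (2, 'alice', 'hunter2', 0)");

// 1. Unsanitised: user input is pasted straight into the SQL text.
function loginUnsafe(PDO $db, string $username, string $password): ?array {
    $sql = "SELECT * FROM users WHERE username='$username' AND password='$password'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// 2. Escaped, as the post recommends. PDO::quote() escapes for the
//    connection's driver and returns the value already wrapped in quotes.
//    This is only safe because the value is used as a quoted string.
function loginEscaped(PDO $db, string $username, string $password): ?array {
    $u = $db->quote($username);
    $p = $db->quote($password);
    $sql = "SELECT * FROM users WHERE username=$u AND password=$p";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// 3. Prepared statement: the SQL is parsed first, values are bound afterwards
//    and are never interpreted as SQL, whatever characters they contain.
function loginPrepared(PDO $db, string $username, string $password): ?array {
    $stmt = $db->prepare("SELECT * FROM users WHERE username = :u AND password = :p");
    $stmt->execute([':u' => $username, ':p' => $password]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Attacker input: close the string literal, then comment out the password check.
$payload = "admin' -- ";

foreach (['unsafe' => 'loginUnsafe', 'escaped' => 'loginEscaped', 'prepared' => 'loginPrepared'] as $label => $fn) {
    $row = $fn($db, $payload, 'wrong');
    printf("%-9s %s\n", $label . ':', $row ? "logged in as {$row['username']}" : 'denied');
}

// A value used WITHOUT quotes: escaping quotes cannot make "1 OR 1=1" harmless.
// Only rejecting non-numeric input (is_numeric / FILTER_VALIDATE_INT) or binding
// it as a parameter prevents the tautology from widening the WHERE clause.
$id = "1 OR 1=1";
$rows = $db->query("SELECT username FROM users WHERE id=$id")->fetchAll(PDO::FETCH_COLUMN);
printf("unquoted id: %s\n", implode(',', $rows));

$stmt = $db->prepare("SELECT username FROM users WHERE id = ?");
$stmt->execute([$id]);   // bound as data; SQLite compares the text "1 OR 1=1" to integer ids and matches nothing
printf("bound id:    %s\n", implode(',', $stmt->fetchAll(PDO::FETCH_COLUMN)));
```

Run it with the php command-line binary. The unsanitised version logs the attacker in as admin, because the query it executes ends up as WHERE username='admin' followed by a comment that swallows the password clause; the escaped and prepared versions both deny the login. The unquoted id query returns every user, while the bound version returns none, which is the difference between escaping (context-dependent) and parameter binding (not).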

