tags:

views:

82

answers:

3
+1  Q: 

sql injection in php

my query written in php is:

$sql="SELECT * FROM ".TABLE_PREFIX."login WHERE username ='".$username."' 
      AND password='".$password."'";
$res_id = mysql_query($sql);
$num_rows = mysql_num_rows($res_id);
echo $num_rows;

When i enter a valid user name and password from a form it works ok.

When i input some sql injection code the query output is:

SELECT * FROM form_login WHERE username ='' or '1'='1' AND password='' or '1'='1'

Which is a valid sql statement.But it gives an output(ie number of rows) as 0(zero).

If I write the same output sql statement in the program itself as-

$sql="SELECT * FROM form_login WHERE username ='' or '1'='1' 
   AND password='' or '1'='1'";

it works fine and it gives some result(for eg 3).

How can i get the correct result by inputing the sql injection code?

A: 

Before using any variable in a query, pass it through mysql_real_escape_string.

Sjoerd  2010-07-01 07:39:20
I think in this case, he WANTS to have a SQL-Injection ;)
DrColossos  2010-07-01 07:41:52
Not "any variable", but variable, enclosed in quotes only. So, there must be something for the rest.
Col. Shrapnel  2010-07-01 07:54:14
+1  A: 

Try echoing out the SQL statement. It may not be what you think it is, especially if magic_quotes_gpc is enabled.

Amber  2010-07-01 07:39:32
i echoed the sql statement and my sql statement is as i have given in the question.SELECT * FROM form_login WHERE username ='' or '1'='1' AND password='' or '1'='1' but the result is not comming.
 2010-07-01 09:05:55
A: 

Or better yet, NEVER CONCATENATE SQL!

Try using the PDO library with prepared sql statements

Values are inherently safe in this mode.

Justin Alexander  2010-07-01 08:04:50

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases