• RSS
  • Twitter
  • Facebook

SQL Injection Protection

Categories

Archive

Site Builder

Personalized Website Design. Professional Designers to handle all your requirements. Includes Email & Web Hosting. Site ready in less than 2 weeks.

Learn More

eCommerce Builder

We help you create your own Shopping Cart. We have professional designers to handle all your requirements for a cheap price. Includes Email & Web Hosting. Website ready in less than 2 weeks.

Learn More

SQL Injection Protection

Date: 23 August 2011  |  Posted by admin  |  Category: ,
Add This
Post a Comment  |  

SQL Injection is an attack technique used to exploit applications that construct SQL statements from user-supplied input. When successful, the attacker is able to change the logic of SQL statements executed against the database. This can allow an attacker to not only steal data from your database, but also modify and delete it. It's one of the more popular application layer hacking techniques that is used in the wild today. In this tutorial will teach you how to create your own function to protect your website against sql injection.

Poorly Filtered Strings

SQL injections based on poorly filtered strings are caused by user input that is not filtered for nonperformance characters. This means that a user can input a string that can be passed on as an SQL statement, resulting in database manipulation. The following examples illustrate a vulnerable code:

$password = $_POST['password'];
$query = mysql_query("SELECT password FROM users WHERE password = '". $password . "'");

The query above is an SQL call to SELECT the password from the users database, If the user input for the password is ' OR 1 = 1 /* will result in the query being extended with an OR statement as 1 does equal 1, thus the query will return TRUE, resulting in a positive login.

The SQL Protection

We create a function that will sanitize and escaped bad characters in the sql query and used the following useful php function. let's call it "safeSQL".

stripslashes() - If magic_quotes_gpc is enabled lets stripslashes so the string will not be double escaped.

addslashes() - If magic_quotes_gpc is not enabled lets add addslashes.

mysql_real_escape_string() - Final phase lets escape all special characters in the string.

Easy stuff, here is the full function:

<?php 
    function safeSQL($string)  
    {         
        if(get_magic_quotes_gpc()) // If magic_quotes_gpc is enabled. 
        { 
            $string = stripslashes($string);  
        } 
        elseif(!get_magic_quotes_gpc())  
        { 
            $string = addslashes($string);  
        } 
                     
        $string = mysql_real_escape_string($string);  
        return $string; // Returns the safe string. 
    } 
?>

Now to use this function, just wrap the function around the data, example:

<?php 
$password = safeSQL($_POST['password']); 
?>

Any Suggestion? Add a comment below. Thanks!

 

58 Comments

  1. DeriBibia
    (1 month ago)
    Hi there

    I'm a husband who love culinary arts, and having fun together with my in laws.
    It is actually very good whenever during autumn I devote a great deal of free timecooking with the help of my children, a little bit of entrees or a number of cake.

    The best is plum pie, on the other hand love cookery meat loaf as well as other containers like that.
    Also just like going on a vacation and then meetting innovative customers and new us.

    Deliver me a PM if you appreciate my presentation !
  2. Botox
    (4 months ago)
    This blog is nice and amazing. I love your post! It's also nice to see someone who does a lot of research and has a great knack for ting, which is pretty rare from bloggers these days.
    Thanks!
    <a h ref=”http://www.botoxinjections.net.” > Botox</a>
  3. william ruto
    (4 months ago)
    this article bring back my spirit especially to the blog-commenter .I was to give up but now that i have right information to make me go on.Thanks very much for the post.
  4. Schmidt Wans
    (4 months ago)
    Using well designed query language interpreters can prevent SQL injections. In the wild, it has been noted that applications experience, on average, 71 attempts an hour. When under direct attack, some applications occasionally came under aggressive attacks and at their peak, were attacked 800-1300 times per hour
  5. toficosugus
    (7 months ago)
    accutane online xll deltasone luwqxx
  6. dyosqkqvt
    (7 months ago)
    xHSBrt <a href="http://ggbjncwkwzwg.com/">ggbjncwkwzwg</a>, [url=http://tipvpbvwcywb.com/]tipvpbvwcywb[/url], [link=http://wjphsztlzrak.com/]wjphsztlzrak[/link], http://jldjqbumqrbf.com/
  7. Theo Towsley
    (7 months ago)
    These are yours alright! . We at the least have to get these folks stealing pictures to start out running a blog! They most likely just did a picture investigation and grabbed them. They appear great although!
  8. Ailene Schmit
    (7 months ago)
    I couldn’t resist commenting
  9. Lesley Kimberlin
    (7 months ago)
    I needed to thanks for this wonderful go through!! I certainly taking pleasure in each and every tiny little bit of it I've you bookmarked to examine out new things you post…
  10. Shamika Tyl
    (7 months ago)
    Getting examine this I assumed it had been extremely beneficial. I enjoy you taking some time and energy to place this short article collectively. I as soon as once again locate myself investing strategy to considerably time equally reading through and commenting. But so what, it had been even now worthwhile!

1 2 3 4 5 6 next »

Post Comment

RSS feed for comments on this page | RSS feed for all comments

TrackBacks

  • Aiyana Fulmer on 20/11/2011 5:58am

    Fantastic blog. Great.

  • Serenity Fergerson on 24/11/2011 2:19am

    I really liked your article.Really thank you! Awesome.

  • Katrina Newberg on 24/11/2011 9:57am

    Major thankies for the post.Thanks Again. Keep writing.

  • Ronald Bomar on 24/11/2011 11:26am

    Hey, thanks for the blog post.Really looking forward to read more. Cool.

  • Sharon Boatright on 24/11/2011 5:13pm

    Fantastic blog post.Thanks Again. Really Cool.

  • Cyrus Mikesell on 25/11/2011 8:00am

    Thanks for the blog article.Thanks Again. Much obliged.

  • Malia Karcher on 28/11/2011 5:34pm

    I truly appreciate this post.Much thanks again. Really Great.

  • hmiapasxolish apogeumatini on 01/12/2011 5:58pm

    Muchos Gracias for your article.Really looking forward to read more. Much obliged.

  • Hugh Connors on 03/12/2011 1:44am

    Major thankies for the article post.Much thanks again.

  • Mohammad Halbert on 03/12/2011 5:31am

    Fantastic post.Thanks Again. Much obliged.

  • Desiree Kovac on 04/12/2011 7:29pm

    Im obliged for the article post.Thanks Again. Really Cool.

  • Alma Schuetz on 05/12/2011 2:51am

    I cannot thank you enough for the article.Much thanks again. Keep writing.

  • Kenna Hendren on 05/12/2011 11:39pm

    Very good blog.Thanks Again. Fantastic.

  • Campbell Alday on 09/12/2011 5:43pm

    Thanks a lot for the blog.Thanks Again. Cool.

  • Tabitha Partida on 13/12/2011 4:27am

    Major thankies for the blog.Really looking forward to read more. Awesome.

  • Jorge Winkle on 13/12/2011 7:35pm

    Major thanks for the blog post.Much thanks again. Want more.

  • Bethany Deltoro on 14/12/2011 12:20am

    Really enjoyed this blog post. Will read on...

  • Saul Comstock on 14/12/2011 8:55pm

    Say, you got a nice blog post.Really thank you! Awesome.

  • Austyn Esser on 15/12/2011 1:46am

    Thanks again for the post.Much thanks again. Cool.

  • Alexandria Gingrich on 15/12/2011 12:57pm

    Major thankies for the blog.Much thanks again. Keep writing.

  • Destinee Simonetti on 17/12/2011 7:31pm

    Awesome article post.Really thank you!

  • Javon Thiele on 17/12/2011 11:55pm

    Enjoyed every bit of your article post.Thanks Again. Awesome.

  • dhmioyrgia istoselidwn on 29/12/2011 12:58pm

    nice thoughts..

  • Regrow Eyelashes on 03/01/2012 10:10pm

    Say, you got a nice post.Really thank you! Will read on...

  • Ryder Ezell on 06/01/2012 8:12am

    Major thankies for the blog post. Keep writing.

  • Shea Liptak on 11/01/2012 7:05am

    Really enjoyed this post.Much thanks again. Will read on...

  • &#954;&#945;&#964;&#945;&#963;&#954;&#949;&#965;&# on 17/01/2012 3:55pm

    I really liked your post.Much thanks again. Great.

  • Financial Planner Houston on 23/01/2012 4:21pm

    A big thank you for your post.Much thanks again. Great.

  • &#954;&#945;&#964;&#945;&#963;&#954;&#949;&#965;&# on 24/01/2012 4:34pm

    useful..

  • Danny Quesenberry on 03/02/2012 5:59pm

    A round of applause for your article.Really looking forward to read more. Awesome.

  • Samuel Bolyard on 03/02/2012 6:05pm

    This is one awesome blog post.Really thank you! Keep writing.

  • Nikhil Rossiter on 03/02/2012 6:10pm

    Hey, thanks for the blog.Thanks Again. Fantastic.

  • Nichole Salazar on 05/02/2012 10:43pm

    Very good article. Great.

  • Myles Rayford on 05/02/2012 10:45pm

    Major thankies for the article post.Really thank you!

  • Kenzie Swayze on 05/02/2012 10:50pm

    I think this is a real great post.Thanks Again. Fantastic.

  • Claire Bickerstaff on 05/02/2012 10:53pm

    Thanks for the blog article.Really looking forward to read more. Cool.

  • Truman Speights on 05/02/2012 10:55pm

    I really liked your blog post.Really looking forward to read more. Really Great.

  • Shannon Lam on 05/02/2012 10:57pm

    Really enjoyed this post.Much thanks again. Want more.

  • illinois vehicle auto insurance on 12/02/2012 7:38pm

    Im thankful for the blog post.Much thanks again. Much obliged.

  • Helena Parke on 20/02/2012 6:26am

    A big thank you for your blog article.Really looking forward to read more. Great.

  • Mateo Forster on 20/02/2012 6:25pm

    Say, you got a nice blog article.Much thanks again. Fantastic.

  • Conrad Fogel on 21/02/2012 11:01am

    I think this is a real great blog article. Cool.

  • Carmen Esqueda on 23/02/2012 9:58am

    I think this is a real great blog.Much thanks again. Cool.

  • Amari Bierman on 23/02/2012 12:06pm

    Thanks so much for the article.Much thanks again. Much obliged.

  • Marshall Plemmons on 24/02/2012 11:31pm

    Awesome article.Much thanks again. Really Cool.

  • Brogan Brent on 25/02/2012 2:29am

    I value the post.Really looking forward to read more. Cool.

  • Guitar Tutor on 25/02/2012 8:57am

    Appreciate you sharing, great article.Really thank you! Keep writing.

  • Kendall Nocera on 27/02/2012 9:17pm

    Muchos Gracias for your blog post.Really looking forward to read more. Great.

  • Kyan Khoury on 27/02/2012 10:58pm

    I think this is a real great article.Really thank you! Much obliged.

  • Phoenix Leath on 28/02/2012 12:35am

    I really enjoy the post.Really looking forward to read more. Really Cool.

  • Alisha Bracamonte on 28/02/2012 1:23am

    I cannot thank you enough for the article post.Thanks Again. Awesome.

  • Averie Millis on 28/02/2012 2:44am

    Really informative article.Really looking forward to read more. Keep writing.

  • Owen Repp on 28/02/2012 4:36am

    I cannot thank you enough for the post.Really thank you! Want more.

  • Tatyana Hudson on 28/02/2012 7:20am

    Fantastic article post.Really looking forward to read more. Fantastic.

  • Enrique Valles on 28/02/2012 8:27am

    Very good blog article.Much thanks again. Really Cool.

  • Julianna Vallee on 28/02/2012 9:36am

    I value the blog post.Really thank you! Really Cool.

  • Joselin Shapiro on 28/02/2012 11:31am

    Wow, great post.Thanks Again. Will read on...

  • Greyson Tollison on 28/02/2012 1:25pm

    Really enjoyed this blog article.Really looking forward to read more. Much obliged.

  • Coby Huie on 28/02/2012 2:56pm

    A big thank you for your blog post.Really looking forward to read more. Cool.

  • Marianna Durkin on 28/02/2012 4:04pm

    Appreciate you sharing, great article post.Much thanks again. Great.

  • Bruno Petri on 28/02/2012 5:32pm

    I truly appreciate this article.Really looking forward to read more. Keep writing.

  • Makenzie Benford on 28/02/2012 10:05pm

    This is one awesome blog article.Thanks Again. Much obliged.

  • Lillie Lema on 29/02/2012 5:38am

    wow, awesome post.Thanks Again. Awesome.

  • Kaley Welsh on 29/02/2012 7:12am

    Awesome blog.Thanks Again. Cool.

  • Eileen Finley on 02/03/2012 4:39pm

    Thanks again for the article post.Much thanks again. Really Cool.

  • Agustin Reider on 02/03/2012 6:01pm

    Thanks again for the article post. Want more.

  • Aubree Preble on 06/04/2012 9:02am

    Im obliged for the article.Much thanks again. Great.

Trackback URL for this page.

FROM THE BLOG

Contact Us

We love to work with you on your next web related project. Contact us today to get started.

newbiz [at] cyferweb [dot] com

More ways to contact us »

Keep in Touch

Sign up for news and updates. Cyferweb will not share your info with any third parties.

© 2011 Cyferweb. All rights reserved.
Site Map