Share on Google+Share on Google+

PHP SQL Injection Example

Advertisement
Database is the main part of any application used to store the sensitive information like user credentials, financial information etc.

PHP SQL Injection Example

     

This Example illustrates how injection is used in the sql query.

Database is the main part of any application used to store the sensitive information like user credentials, financial information etc. SQL Injection is a technique to break the security of the database of the application. This is one of the most common technique used by hackers to steal the data from the database from the application layer. The name "SQL injection" itself indicates that it injects or manipulates SQL code by adding unexpected Sql string to a query. This can result into database manipulation in an unexpected way i.e. the application will run the Sql query that was not intended.

In the below source code, the first query is the normal query which has no problem in execution, as our MySQL statement will just select everything from "emp" table where name equal to "sandeep". In the next query, the ' ' OR 1 makes the sql not the same that we intended because it will always be true and each entry in the table would be selected by this statement.

 

 

Source Code of phpSqlInjection.php

<?php
  $name = "sandeep"
  $query = "SELECT * FROM emp WHERE name = '$name'";
  echo "Normal: " . $query . "<br>";

  $wrongName = "'OR 1'";
  $query1 = "SELECT * FROM emp WHERE name = '$wrongName'";
  echo "Injection: " . $query1 . "<br>";

  $name1 = "'; DELETE FROM emp WHERE 1 or name = '"
  $query2 = "SELECT * FROM emp WHERE name = '$name1'";
  echo "Injection: " . $query2;
?>

 

Output:

Download Source Code

Advertisements

Advertisement

Posted on: January 20, 2009 If you enjoyed this post then why not add us on Google+? Add us to your Circles

Share this Tutorial Follow us on Twitter, or add us on Facebook or Google Plus to keep you updated with the recent trends of Java and other open source platforms.

Discuss: PHP SQL Injection Example  

Post your Comment


Your Name (*) :
Your Email :
Subject (*):
Your Comment (*):
  Reload Image
 
 
Comments:1
Daxiong
December 21, 2011
cyberserv's logo

test