PHP SQL Injection Attack

A PHP SQL Injection Attack is the act of someone getting a MySQL statement of their own choosing run on your database without your knowledge. Injection usually occurs when a page asks the user for input such as a name and, instead of a name, the user supplies a fragment of SQL that the page pastes into its own query and unknowingly runs against the database.

Understand with Example

This tutorial illustrates a PHP SQL Injection Attack with an example. To follow it, we first create a table 'stu' with the required field names and data types.

Create Table Stu :

CREATE TABLE `stu` (                     
          `id` int(11) NOT NULL auto_increment,  
          `name` varbinary(10) default NULL,     
          `class` int(11) default '12',          
          PRIMARY KEY  (`id`)                    
        )

Insert.php:

insert.php contains an HTML form that collects a record from the user and, on Submit, inserts it into the table 'stu' of the database. Because the submitted values are concatenated directly into the INSERT statement, an attacker can type SQL instead of a name or class and read or modify data they should not have access to; depending on what the database user can see, the damage can be considerable.

<html>
<body>
<form method="post" action="insert.php"
style="border: 1px solid #000000;
width :230px; margin-top: 
50px;margin-left: 70px;
padding:20px 20px 20px 20px; 
background-color: #F5F5FF;">
<table cellpadding="5">
<tr>
<td>Name</td>
<td>&nbsp;</td>
<td><input type="text" name="name"></td>
</tr>
<tr>
<td>Class</td>
<td>&nbsp;</td>
<td><input type="text" name="class"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type="submit" name="submit" value="Submit"></td>
</tr>
</table>

</form>
<div style="border: 1px solid #000000; 
width :230px; margin-top: 
50px;margin-left: 70px;
padding:20px 20px 20px 20px ; 
background-color: #F5F5FF;">
<?php
// Legacy mysql_* extension (removed in PHP 7). The injection shown below does
// not depend on the driver; it comes from building the query by concatenation.
$host = "localhost";
$user = "root";
$password = "root";
$database = "komal";
// One connection is enough for both the INSERT and the SELECT; it is closed
// once at the end (closing it right after the INSERT would break the SELECT).
$connection = mysql_connect($host,$user,$password) 
or die("Could not connect: ".mysql_error());
mysql_select_db($database,$connection) 
or die("Error in selecting the database:".mysql_error());

if (isset($_POST['name'])) {
// Raw form input, used without validation or escaping.
$name=$_POST["name"];
$class=$_POST["class"];
// VULNERABLE: $name is pasted inside the quotes and $class is pasted with no
// quotes at all, so either field can close the VALUES list and append more SQL.
$sql="insert into stu(name,class) 
values('".$name."',".$class.")";
mysql_query($sql,$connection) 
or exit("Sql Error".mysql_error());
}

$sql="Select * from stu";
$sql_result=mysql_query($sql,$connection) 
or exit("Sql Error".mysql_error());
$sql_num=mysql_num_rows($sql_result);
echo "<table width=\"100%\">";
echo "<tr>";
echo "<td ><b>Id</b></td><td><b>Name</b></td> 
<td><b>Class</b></td>";
echo "</tr>";
// Stored values are echoed back without htmlspecialchars(), so whatever an
// injected INSERT put into the table is also rendered unescaped in the page.
while($sql_row=mysql_fetch_array($sql_result))
{
$id=$sql_row["id"];
$name=$sql_row["name"];
$class=$sql_row["class"];
echo "<tr><td>".$id."</td>";
echo "<td>".$name."</td>";
echo "<td>".$class."</td></tr>";
} 
echo "</table>";
mysql_close($connection);
?>
</div>
</body>
</html>


Output

The page shows the form (Name, Class, Submit) followed by the current contents of 'stu':

Id   Name      Class
1    Ajay      12
2    Bhanu     12
3    Komal     12
4    Rakesh    12
5    Santosh   12
6    Tanuj     12
7    kk        12
8    ss        12
9    ss        12
10   komal     11
11   girish    12
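The following is an added example that is not part of the original tutorial: it reproduces the concatenated INSERT from insert.php and the concept described at the top of the page, then runs two payloads against it and against a parameterized version. It uses Python's sqlite3 as an offline stand-in for MySQL, which is an assumption of this example (SQLite accepts the same multi-row VALUES list and scalar subquery used here); the 'app_users' table and its contents are constructed data. Note that mysql_query() does not execute stacked statements, so the payloads do not append a second statement; they extend the VALUES list of the INSERT the page already runs, which works in either database.

```python
import sqlite3

# Constructed stand-in for the tutorial's MySQL schema. The 'app_users' table
# and its row are invented here purely to show data being read through the
# injected INSERT; they are not part of the original page.
SCHEMA = """
CREATE TABLE stu (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    name TEXT,
    class INTEGER DEFAULT 12
);
CREATE TABLE app_users (login TEXT, pw_hash TEXT);
INSERT INTO app_users VALUES ('admin', 'constructed-hash-value');
"""


def new_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def vulnerable_insert(conn, name, class_):
    """Mirrors insert.php: both form values are concatenated into the SQL text.
    'name' lands inside single quotes, 'class' is not quoted at all."""
    sql = "insert into stu(name,class) values('" + name + "'," + class_ + ")"
    conn.execute(sql)
    conn.commit()
    return sql


def safe_insert(conn, name, class_):
    """Parameterized version: values are bound by the driver, never parsed as SQL.
    The integer column is also validated, which the page's code never does."""
    try:
        class_num = int(class_)
    except ValueError:
        raise ValueError("class must be an integer")
    conn.execute("insert into stu(name,class) values(?,?)", (name, class_num))
    conn.commit()


def rows(conn):
    return conn.execute("select id, name, class from stu order by id").fetchall()


# Payload for the unquoted 'class' field: closes the first row and adds another.
CLASS_PAYLOAD = "12),('pwned',99"

# Payload for the quoted 'name' field: closes the quote, adds a row whose name
# is a scalar subquery on another table, and comments out the page's tail.
# The space after '--' is required for MySQL's comment syntax.
NAME_PAYLOAD = ("x', 12), ((select pw_hash from app_users where login='admin'), 12)-- ")


def demo_vulnerable():
    """Returns the table contents after one legitimate insert and two injected ones."""
    conn = new_db()
    vulnerable_insert(conn, "Ajay", "12")             # normal use
    vulnerable_insert(conn, "Bhanu", CLASS_PAYLOAD)   # extra row appended
    vulnerable_insert(conn, NAME_PAYLOAD, "12")       # hash copied into 'stu'
    return rows(conn)


def demo_safe():
    """Same inputs through the parameterized insert: the name payload is stored
    as a literal string and the class payload is rejected before any SQL runs."""
    conn = new_db()
    safe_insert(conn, "Ajay", "12")
    safe_insert(conn, NAME_PAYLOAD, "12")
    rejected = False
    try:
        safe_insert(conn, "Bhanu", CLASS_PAYLOAD)
    except ValueError:
        rejected = True
    return rows(conn), rejected


if __name__ == "__main__":
    for r in demo_vulnerable():
        print(r)
    print(demo_safe())
```

With the vulnerable insert, the second call produces `insert into stu(name,class) values('Bhanu',12),('pwned',99)` and the third copies the admin hash into a row of 'stu', which the page's SELECT loop then displays to whoever submitted the form. Escaping only $name would not help, because $class is concatenated unquoted; the fix is a prepared statement, for example with PDO: `$stmt = $pdo->prepare("insert into stu(name,class) values(?,?)"); $stmt->execute([$name, (int)$class]);`.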