PHP SQL Injection Attack 
 

A PHP SQL injection attack is the act of someone inserting a MySQL statement to be run on your database without your knowledge. Injection usually occurs when you ask a user for input such as a name and, instead of a name, they give you a MySQL statement that you unknowingly run on your database.

Understand with Example

This tutorial illustrates a PHP SQL injection attack with an example. To follow the example, we create a table 'stu' with the required field names and data types.

Create Table Stu:

CREATE TABLE `stu` (
  `id` int(11) NOT NULL auto_increment,
  `name` varbinary(10) default NULL,
  `class` int(11) default '12',
  PRIMARY KEY (`id`)
);

Insert.php:

Insert.php contains an HTML form that collects a record from the user and, when the Submit button is clicked, adds the record to the table 'stu' of the database. Through a page like this an attacker could sometimes gain access to a lot of information they should not have, and the attack can be even worse.

<html>
<body>
<form method="post" action="insert.php"
	style="border: 1px solid #000000;
	width :230px; margin-top: 
	50px;margin-left: 70px;
	padding:20px 20px 20px 20px; 
	background-color: #F5F5FF;">
	<table cellpadding="5">
	<tr >
		<td>Name</td>
		<td>&nbsp;</td>
		<td><input type="text" name="name"></td>
	</tr>
	<tr>
		<td>Class</td>
		<td>&nbsp;</td>
		<td><input type="text" name="class"></td>
	</tr>
	<tr>
		<td>&nbsp;</td>
		<td>&nbsp;</td>
		<td><input type="submit" name="submit" value="Submit"></td>
	</tr>
	</table>

</form>
<div style="border: 1px solid #000000; 
	width :230px; margin-top: 
	50px;margin-left: 70px;
	padding:20px 20px 20px 20px ; 
	background-color: #F5F5FF;">
<?php
	$host = "localhost";
	$user = "root";
	$password = "root";
	$database = "komal";
	$connection = mysql_connect($host,$user,$password) 
		or die("Could not connect: ".mysql_error());
	$connection1 = mysql_connect($host,$user,$password) 
		or die("Could not connect: ".mysql_error());
	mysql_select_db($database,$connection) 
		or die("Error in selecting the database:".mysql_error());
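	if (isset($_POST['name'])) {
		$name=$_POST["name"];
		$class=$_POST["class"];
		// Vulnerable: both form values are concatenated into the SQL text
		// unchanged, so input containing SQL syntax alters the statement.
		$sql="insert into stu(name,class) 
			values('".$name."',".$class.")";
		mysql_query($sql,$connection) 
			or exit("Sql Error".mysql_error());
		mysql_close($connection);
	}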
	$sql="Select * from stu";
	$sql_result=mysql_query($sql,$connection1) 
		or exit("Sql Error".mysql_error());
	$sql_num=mysql_num_rows($sql_result);
	echo "<table width=\"100%\">";
	echo "<tr>";
	echo "<td ><b>Id</b></td><td><b>Name</b></td> 
		<td><b>Class</b></td>";
	echo "</tr>";
	while($sql_row=mysql_fetch_array($sql_result))
	{
		$id=$sql_row["id"];
		$name=$sql_row["name"];
		$class=$sql_row["class"];
		echo "<tr><td>".$id."</td>";
		echo "<td>".$name."</td>";
		echo "<td>".$class."</td></tr>";
	}	
	echo "</table>";
	mysql_close($connection1);
?>
</div>
</body>
</html>

Output

Name
Class

Id   Name     Class
1    Ajay     12
2    Bhanu    12
3    Komal    12
4    Rakesh   12
5    Santosh  12
6    Tanuj    12
7    kk       12
8    ss       12
9    ss       12
10   komal    11
11   girish   12
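
For comparison with Insert.php above, a hardened version of the same insert and listing, added here as an example and not part of the original tutorial. It assumes PDO is available and uses an in-memory SQLite database as a stand-in for MySQL so it runs without a server; the function names open_db and insert_student and the sample submissions are constructed for illustration.

```php
<?php
// Added example: hardened version of the insert and listing in Insert.php.
// Assumption: PDO is available. An in-memory SQLite database stands in for
// the MySQL database so the script runs without a server; for MySQL only
// the DSN passed to new PDO(...) changes.

function open_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Same columns as the tutorial's `stu` table (SQLite syntax).
    $pdo->exec('CREATE TABLE stu (id INTEGER PRIMARY KEY AUTOINCREMENT,
                                  name VARCHAR(10), class INTEGER DEFAULT 12)');
    return $pdo;
}

// Validate, then insert with bound parameters. Returns false on bad input.
function insert_student(PDO $pdo, string $name, string $class): bool {
    // name is varbinary(10) in the schema: reject empty or over-long values.
    if ($name === '' || strlen($name) > 10) {
        return false;
    }
    // class must be a plain integer; FILTER_VALIDATE_INT rejects "12 OR 1=1".
    $classInt = filter_var($class, FILTER_VALIDATE_INT);
    if ($classInt === false) {
        return false;
    }
    // Placeholders keep the values out of the SQL text entirely.
    $stmt = $pdo->prepare('INSERT INTO stu (name, class) VALUES (:name, :class)');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':class', $classInt, PDO::PARAM_INT);
    return $stmt->execute();
}

$pdo = open_db();
// Constructed sample submissions, standing in for $_POST['name'] / $_POST['class'].
$samples = [['Ajay', '12'], ["O'Neil", '11'], ['komal', '12 OR 1=1']];
foreach ($samples as [$name, $class]) {
    $ok = insert_student($pdo, $name, $class);
    echo ($ok ? 'stored:   ' : 'rejected: ') . $name . ' / ' . $class . "\n";
}
// Escape on output as well, since stored names are echoed into HTML.
foreach ($pdo->query('SELECT id, name, class FROM stu') as $row) {
    echo '<tr><td>' . (int)$row['id'] . '</td><td>'
       . htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8') . '</td><td>'
       . (int)$row['class'] . "</td></tr>\n";
}
```

With the MySQL PDO driver, also set PDO::ATTR_EMULATE_PREPARES to false so that the server itself performs the parameter binding.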

                         
