
PHP SQL Injection


SQL is the interface through which a PHP application accesses and interacts with a database. A database contains data in tables and procedures. SQL injection is an attack that aims at manipulating the records in the back-end database. The manipulation involves stealing or modifying the information in the database. The web application is exploited by injecting malicious (unwanted) queries, which causes the records in the database to be modified.

Understand with Example

This tutorial illustrates PHP SQL injection with an example. To follow the example, we create a table 'stu' with the required field names and data types. The table 'stu' has a primary key 'id'.

Create Table Stu:

CREATE TABLE `stu` (
  `id` int(11) NOT NULL auto_increment,
  `name` varbinary(10) default NULL,
  `class` int(11) default '12',
  PRIMARY KEY  (`id`)
)

Insert.php:

Insert.php holds the host, user, password and database name that are used to connect the server side to the database. The HTML page is used to add new records to the "stu" table. When a user clicks the submit button in the HTML form, the form data is sent to "insert.php". The "insert.php" file connects to the database and retrieves the values from the form using the PHP $_POST variable. When the record has been added to the table, "Insertion Successful" is displayed.

<html>
<body>
<form method="post" action="insert.php"
style="border: 1px solid #000000; 
width :230px; margin-top: 
50px;margin-left: 
70px;padding:20px 20px 20px 20px; 
background-color: #F5F5FF;">
<table cellpadding="5">
<tr >
<td>Name</td>
<td>&nbsp;</td>
<td><input type="text" name="name"></td>
</tr>
<tr>
<td>Class</td>
<td>&nbsp;</td>
<td><input type="text" name="class"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type="submit" name="submit" value="Submit"></td>
</tr>
</table>
</form>
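<?php
// Connection settings for the MySQL server.
$host = "localhost";
$user = "root";
$password = "root";
$database = "komal";
// The mysql_* functions were removed in PHP 7, so mysqli is used here.
$connection = mysqli_connect($host, $user, $password)
    or die("Could not connect: " . mysqli_connect_error());
mysqli_select_db($connection, $database)
    or die("Error in selecting the database:" . mysqli_error($connection));

if (isset($_POST['name'])) {
    // Values are read straight from the submitted form.
    $name = $_POST["name"];
    $class = $_POST["class"];
    // The form values are concatenated into the SQL text unchanged. This is
    // the injection-prone pattern the example illustrates.
    $sql = "insert into stu(name,class) values('" . $name . "'," . $class . ")";
    mysqli_query($connection, $sql)
        or exit("Sql Error" . mysqli_error($connection));
    mysqli_close($connection);

    echo "<div style=\"border: 1px solid #000000; 
width :230px; margin-top: 
50px;margin-left: 70px;padding:20px 20px 20px 20px ; 
background-color: #F5F5FF;\">";
    echo "Insertion Successful ...</div>";
}
?>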
</body>
</html>


Output

Name  
Class  
   
Insertion Successful ...
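
The insert above builds its query by concatenating form values. The following added example (not the tutorial's own code) puts that pattern beside a hardened version that validates the input and binds it through a prepared statement. It assumes PDO with an in-memory SQLite table standing in for the MySQL `stu` table, and the function names are hypothetical.

```php
<?php
// Added example, not the tutorial's code. An in-memory SQLite table stands in
// for the MySQL `stu` table (assumption) so the script runs without a server.
declare(strict_types=1);

function open_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec("CREATE TABLE stu (id INTEGER PRIMARY KEY AUTOINCREMENT,
                name VARCHAR(10), class INTEGER DEFAULT 12)");
    return $pdo;
}

// The tutorial's pattern (hypothetical wrapper): values spliced into the SQL.
function insert_student_concat(PDO $pdo, string $name, string $class): bool {
    try {
        $sql = "insert into stu(name,class) values('" . $name . "'," . $class . ")";
        return $pdo->exec($sql) !== false;
    } catch (PDOException $e) {
        return false; // the input altered the statement's syntax
    }
}

// Hardened version (hypothetical name): validate, then bind as parameters.
function insert_student(PDO $pdo, string $name, string $class): bool {
    // `name` holds 10 bytes in the tutorial's table; reject what cannot fit.
    if ($name === '' || strlen($name) > 10) {
        return false;
    }
    // `class` must be a plain integer, otherwise it never reaches the query.
    $classInt = filter_var($class, FILTER_VALIDATE_INT);
    if ($classInt === false) {
        return false;
    }
    // Placeholders keep the SQL text fixed; values travel as data only.
    $stmt = $pdo->prepare('INSERT INTO stu (name, class) VALUES (:name, :class)');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':class', $classInt, PDO::PARAM_INT);
    return $stmt->execute();
}

// Constructed sample inputs: an ordinary name that contains a quote character.
$pdo = open_db();
var_dump(insert_student_concat($pdo, "O'Neil", "12"));
var_dump(insert_student($pdo, "O'Neil", "12"));
var_dump(insert_student($pdo, "Ann", "12 or so"));
echo $pdo->query('SELECT name FROM stu')->fetchColumn(), "\n";
```

The concatenated insert fails on the quote in the name, while the bound version stores the name unchanged and rejects the non-numeric class before any query is built. Against MySQL the same functions work with a `mysql:` DSN, where setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes the server prepare the statement.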

Posted on: January 29, 2009
