PHP SQL Injection

PHP's database interface facilitates access to and interaction with a database. A database stores its data in tables and procedures. An SQL injection is an attack that aims at manipulating the records in the back-end database: the attacker steals or modifies the information held there. The web application is exploited by injecting malicious (unwanted) queries through its inputs, which causes the records in the database to be modified.

Understand with Example

This tutorial illustrates an example of PHP SQL injection. To follow the example we create a table 'stu' with the required field names and data types. The table 'stu' has the primary key 'id'.

Create Table Stu:

CREATE TABLE `stu` (
  `id` int(11) NOT NULL auto_increment,
  `name` varbinary(10) default NULL,
  `class` int(11) default '12',
  PRIMARY KEY (`id`)
)

Insert.php:

The insert.php script holds the host, user, password and database name that are used to connect the server-side code to the database. The HTML form on the same page is used to add new records to "stu". When the user clicks the Submit button, the form data is sent to "insert.php", which connects to the database, reads the submitted values from the PHP $_POST array and places them directly into the INSERT statement. When the record has been added to the table, "Insertion Successful" is displayed.

<html>
<body>
<form method="post" action="insert.php"
      style="border: 1px solid #000000; width: 230px; margin-top: 50px;
             margin-left: 70px; padding: 20px 20px 20px 20px;
             background-color: #F5F5FF;">
<table cellpadding="5">
<tr>
<td>Name</td>
<td>&nbsp;</td>
<td><input type="text" name="name"></td>
</tr>
<tr>
<td>Class</td>
<td>&nbsp;</td>
<td><input type="text" name="class"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type="submit" name="submit" value="Submit"></td>
</tr>
</table>
</form>
<?php
// Connection details for the database server.
// Note: the mysql_* extension used here was removed in PHP 7; it is kept as in the tutorial.
$host = "localhost";
$user = "root";
$password = "root";
$database = "komal";
$connection = mysql_connect($host, $user, $password)
    or die("Could not connect: " . mysql_error());
mysql_select_db($database, $connection)
    or die("Error in selecting the database: " . mysql_error());

if (isset($_POST['name'])) {
    // The form values are taken straight from the POST request.
    $name  = $_POST["name"];
    $class = $_POST["class"];
    // Both values are concatenated into the SQL text without escaping or
    // validation: this is the injection point the tutorial is about.
    $sql = "insert into stu(name,class) values('" . $name . "'," . $class . ")";
    mysql_query($sql, $connection)
        or exit("Sql Error" . mysql_error());
    mysql_close($connection);

    echo "<div style=\"border: 1px solid #000000; width: 230px; margin-top: 50px;"
       . " margin-left: 70px; padding: 20px 20px 20px 20px; background-color: #F5F5FF;\">";
    echo "Insertion Successful ...</div>";
}
?>
</body>
</html>
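As an added example that is not part of the tutorial, the following script performs the same insert two ways: once built by string concatenation exactly as insert.php does, and once as a prepared statement with the class value validated as an integer first. It assumes PDO with an in-memory SQLite database so that it runs stand-alone (the tutorial's mysql_* extension offers no prepared statements), and the name "O'Brien" is a constructed input.

```php
<?php
// Added example (not from the original tutorial): the same insert done two ways.
// Uses an in-memory SQLite database through PDO so it runs stand-alone; the
// tutorial itself uses the MySQL extension, which has no prepared statements.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE stu (id INTEGER PRIMARY KEY AUTOINCREMENT,
                              name TEXT, class INTEGER DEFAULT 12)");

// Vulnerable: as in insert.php, the submitted values become part of the SQL text.
function insertConcatenated(PDO $pdo, string $name, string $class): bool {
    $sql = "insert into stu(name,class) values('" . $name . "'," . $class . ")";
    try {
        $pdo->exec($sql);
        return true;
    } catch (PDOException $e) {
        echo "Sql Error: " . $e->getMessage() . "\n";
        return false;
    }
}

// Hardened: the query text is fixed, the values travel separately as parameters,
// and class is checked to be an integer before it is used at all.
function insertPrepared(PDO $pdo, string $name, string $class): bool {
    if (filter_var($class, FILTER_VALIDATE_INT) === false) {
        echo "Rejected: class must be an integer\n";
        return false;
    }
    $stmt = $pdo->prepare("INSERT INTO stu(name, class) VALUES (:name, :class)");
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':class', (int) $class, PDO::PARAM_INT);
    return $stmt->execute();
}

// Constructed test input: a legitimate name that happens to contain a quote.
$name  = "O'Brien";
$class = "12";

var_dump(insertConcatenated($pdo, $name, $class)); // the quote terminates the string literal, so the SQL is malformed
var_dump(insertPrepared($pdo, $name, $class));     // the quote is stored as data, not interpreted as SQL
var_dump(insertPrepared($pdo, "Ann", "12a"));      // non-integer class is rejected before reaching the database

foreach ($pdo->query("SELECT name, class FROM stu") as $row) {
    echo $row['name'] . " " . $row['class'] . "\n";
}
```

The same input that merely breaks the concatenated query for an honest user is what an attacker shapes deliberately; the prepared statement removes that possibility because the input can never change the statement's structure.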


Output

Name
Class

Insertion Successful ...