PHP SQL Injection Attack
A PHP SQL injection attack refers to someone inserting a MySQL statement into your application so that it is run on your database without your knowledge. Injection usually occurs when the application asks the user for input such as a name and, instead of a name, the user supplies a MySQL statement fragment that is then unknowingly run on your database.
Understand with Example
This tutorial illustrates an example of a PHP SQL injection attack. To understand the example, we first create a table 'stu' with the required field names and data types.
Create Table stu:

CREATE TABLE `stu` (
  `id` int(11) NOT NULL auto_increment,
  `name` varbinary(10) default NULL,
  `class` int(11) default '12',
  PRIMARY KEY (`id`)
)
Insert.php:
Insert.php contains an HTML form that lets a user submit a record; when the Submit button is clicked, the record is added to the table 'stu' in the database. Because the submitted values are placed directly into the SQL statement, an attacker can reach data they were never meant to access, and the consequences can be severe.
<html>
<body>
<form method="post" action="insert.php" style="border: 1px solid #000000; width: 230px; margin-top: 50px; margin-left: 70px; padding: 20px 20px 20px 20px; background-color: #F5F5FF;">
<table cellpadding="5">
<tr>
<td>Name</td>
<td> </td>
<td><input type="text" name="name"></td>
</tr>
<tr>
<td>Class</td>
<td> </td>
<td><input type="text" name="class"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="submit" value="Submit"></td>
</tr>
</table>
</form>
<div style="border: 1px solid #000000; width: 230px; margin-top: 50px; margin-left: 70px; padding: 20px 20px 20px 20px; background-color: #F5F5FF;">
<?php
// Connection settings for the tutorial database. This uses the PHP 5 mysql
// extension (mysql_* functions), which was removed in PHP 7.
$host = "localhost";
$user = "root";
$password = "root";
$database = "komal";

// A single connection is used for both the insert and the select. The original
// opened two connections with identical arguments; mysql_connect() returns the
// same link for identical arguments, so closing the first also closed the second.
$connection = mysql_connect($host, $user, $password)
    or die("Could not connect: " . mysql_error());
mysql_select_db($database, $connection)
    or die("Error in selecting the database: " . mysql_error());

if (isset($_POST['name'])) {
    $name = $_POST["name"];
    $class = $_POST["class"];

    // VULNERABLE: both values are concatenated straight into the SQL text.
    // A quote inside $name, or anything other than a number in $class,
    // becomes part of the statement instead of being treated as data.
    $sql = "insert into stu(name,class) values('" . $name . "'," . $class . ")";
    mysql_query($sql, $connection) or exit("Sql Error" . mysql_error());
}

// List every row in the table.
$sql = "Select * from stu";
$sql_result = mysql_query($sql, $connection) or exit("Sql Error" . mysql_error());
$sql_num = mysql_num_rows($sql_result);

echo "<table width=\"100%\">";
echo "<tr>";
echo "<td><b>Id</b></td><td><b>Name</b></td><td><b>Class</b></td>";
echo "</tr>";
while ($sql_row = mysql_fetch_array($sql_result)) {
    $id = $sql_row["id"];
    $name = $sql_row["name"];
    $class = $sql_row["class"];
    // Note: stored values are echoed without HTML escaping.
    echo "<tr><td>" . $id . "</td>";
    echo "<td>" . $name . "</td>";
    echo "<td>" . $class . "</td></tr>";
}
echo "</table>";
mysql_close($connection);
?>
</div>
</body>
</html>
Output
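The following is an added example, not code from the original tutorial. It writes the same insert twice: once by string concatenation, as insert.php does, and once with a PDO prepared statement, which is the standard fix. It uses an in-memory SQLite database with a table mirroring 'stu' so it runs offline; the sample name "O'Brien" is constructed input and simply shows how an ordinary quote character breaks the concatenated query while the prepared version stores it as data.

```php
<?php
// Added example (not from the original tutorial): vulnerable insert beside the
// hardened form. In-memory SQLite stands in for the MySQL 'komal' database.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE stu (id INTEGER PRIMARY KEY AUTOINCREMENT, "
         . "name TEXT, class INTEGER DEFAULT 12)");

// Constructed sample input: a legitimate name that contains a quote.
$name  = "O'Brien";
$class = "12";

// 1. Vulnerable: input is spliced into the SQL text exactly as in insert.php.
//    The quote in $name terminates the string literal early, so the statement
//    is malformed; any value that changes the SQL text changes what runs.
$vulnerable = "insert into stu(name,class) values('" . $name . "'," . $class . ")";
try {
    $pdo->exec($vulnerable);
    echo "concatenated insert succeeded (unexpected)\n";
} catch (PDOException $e) {
    echo "concatenated insert failed: " . $e->getMessage() . "\n";
}

// 2. Hardened: the SQL text is fixed, values are bound as parameters, and
//    class is validated as an integer before use.
if (filter_var($class, FILTER_VALIDATE_INT) === false) {
    exit("class must be an integer\n");
}
$stmt = $pdo->prepare("INSERT INTO stu(name, class) VALUES (:name, :class)");
$stmt->bindValue(':name', $name, PDO::PARAM_STR);
$stmt->bindValue(':class', (int)$class, PDO::PARAM_INT);
$stmt->execute();

// Read the rows back; stored text is HTML-escaped before display so that
// whatever was stored cannot be interpreted as markup by the browser.
foreach ($pdo->query("SELECT id, name, class FROM stu") as $row) {
    echo htmlspecialchars((string)$row['id'], ENT_QUOTES, 'UTF-8') . " | "
       . htmlspecialchars((string)$row['name'], ENT_QUOTES, 'UTF-8') . " | "
       . htmlspecialchars((string)$row['class'], ENT_QUOTES, 'UTF-8') . "\n";
}
```

Run it with `php example.php`: the concatenated statement fails with a syntax error, while the prepared statement inserts the name intact and the row is printed back as `1 | O'Brien | 12`. With parameters bound, the database never parses user input as SQL, so the value of `name` or `class` cannot alter the statement's structure.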