What Is SQL Injection?



Before we start, you need to know what SQL injection is.

So what is SQL injection?

SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).

History:

The first public discussions of SQL injection started appearing around 1998.
   

Technical implementations


The following line of code illustrates this vulnerability:

statement = "SELECT * FROM users WHERE name = '" + userName + "';"

This SQL code is designed to pull up the records of the specified username from the users table. However, if the "userName" variable is crafted in a specific way by a malicious user, the SQL statement may do more than the code author intended, because the input becomes part of the query text rather than staying a plain value. For example, setting the "userName" variable to:

' OR '1'='1
  
or using comments to even block the rest of the query (there are three types of SQL comments[13]). All three lines have a space at the end:
' OR '1'='1' --
' OR '1'='1' ({
' OR '1'='1' /* 
  
renders one of the following SQL statements by the parent language:
SELECT * FROM users WHERE name = '' OR '1'='1';
SELECT * FROM users WHERE name = '' OR '1'='1' -- ';
 
a';DROP TABLE users; SELECT * FROM userinfo WHERE 't' = 't
This input renders the final SQL statement as follows and specified:
SELECT * FROM users WHERE name = 'a';DROP TABLE users; SELECT * FROM userinfo WHERE 't' = 't'

Escaping

<?php
// Escaping with the driver's own function neutralises quote characters in the
// input, but only protects values that are placed inside a quoted string literal.
$mysqli = new mysqli('hostname', 'db_username', 'db_password', 'db_name');
$query = sprintf("SELECT * FROM `Users` WHERE UserName='%s' AND Password='%s'",
                 $mysqli->real_escape_string($username),
                 $mysqli->real_escape_string($password));
$mysqli->query($query);

So that's why it is really important for us to know about SQL injection.
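The three patterns on this page (string concatenation, driver-style escaping, and the stacked DROP TABLE input) in one runnable form, as an added example that is not part of the original post and not the author's code. It uses Python's sqlite3 module on an in-memory database filled with constructed sample rows, so the helper names (make_db, lookup_unsafe, lookup_escaped, lookup_safe, stacked_statement_blocked) and the table contents are assumptions of this example. It goes slightly beyond the page by showing the parameterised query as the preferred fix: the value travels separately from the SQL text, so there is nothing to escape and nothing to forget.

```python
import sqlite3

# Constructed sample data: an in-memory SQLite database standing in for the
# "users" table that the page's queries refer to.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users (name, secret) VALUES (?, ?)",
                     [("alice", "s3cret-a"), ("bob", "s3cret-b")])
    conn.commit()
    return conn


def lookup_unsafe(conn, user_name):
    """The page's vulnerable pattern: user input concatenated into the SQL text.
    Input such as ' OR '1'='1 turns the WHERE clause into a tautology."""
    statement = "SELECT name FROM users WHERE name = '" + user_name + "';"
    return [row[0] for row in conn.execute(statement)]


def escape_single_quotes(value):
    """Manual escaping in the spirit of the page's real_escape_string call,
    limited to the one character that closes a single-quoted literal.
    Shown only to contrast with parameters: it works here, but it has to be
    applied to every value and only helps inside quoted string literals."""
    return value.replace("'", "''")


def lookup_escaped(conn, user_name):
    """Same concatenation as lookup_unsafe, but with the value escaped first."""
    statement = "SELECT name FROM users WHERE name = '" + escape_single_quotes(user_name) + "';"
    return [row[0] for row in conn.execute(statement)]


def lookup_safe(conn, user_name):
    """Hardened form: a parameterised query. The driver binds the value to the
    placeholder, so quotes or comment markers in the input are data, not syntax."""
    return [row[0] for row in conn.execute("SELECT name FROM users WHERE name = ?", (user_name,))]


def stacked_statement_blocked(conn, user_name):
    """True if the driver refuses the page's stacked ';DROP TABLE' input.
    Python's sqlite3 execute() only runs one statement per call, which is why
    that payload needs an API that accepts multiple statements (for example
    sqlite3's executescript())."""
    statement = "SELECT name FROM users WHERE name = '" + user_name + "';"
    try:
        conn.execute(statement)
        return False
    except (sqlite3.ProgrammingError, sqlite3.Warning):
        return True


if __name__ == "__main__":
    payload = "' OR '1'='1"
    print("unsafe  :", lookup_unsafe(make_db(), payload))   # every user leaks
    print("escaped :", lookup_escaped(make_db(), payload))  # no match
    print("safe    :", lookup_safe(make_db(), payload))     # no match
    stacked = "a';DROP TABLE users; SELECT name FROM users WHERE 't' = 't"
    print("stacked rejected:", stacked_statement_blocked(make_db(), stacked))
```

Running the block prints both sample names for the concatenated query and an empty list for the escaped and parameterised versions; the stacked input is rejected by execute() before anything is dropped. In a code review, the thing to look for is any query built with string concatenation or formatting from request data, regardless of whether an escaping call happens to be present.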


About Author:

Evilbot is a young information system security geek who also teaches pentesting classes.

