candle21428
Nov 2nd 2006, 11:38 pm
Hi there,
I bought the following code from a programmer a couple of months ago, and I realized the code may lead to a very serious SQL injection problem (I am a newbie, so I'm not very sure about that).
Here is the form on my admin page:
<form method="POST" action="login.php">
<tr>
<td width="100%" colspan="2">
<p align="center"><b>Login Here</b></td>
</tr>
<tr>
<td width="100%">User Name </td>
<td width="50%">
<input type="text" name="user" size="20" class="text"></td>
</tr>
<tr>
<td width="100%">Password</td>
<td width="50%">
<input type="password" name="pw" size="20" class="text">
And here is the code in login.php:
<?php
session_start();
// $user and $pw are the form fields, placed into the query text unescaped
$Sql="Select * from admin where username='$user' and password='$pw'";
$result=mysql_query($Sql,$conn);
$lo=mysql_num_rows($result);
if($lo >=1){
    session_register("whosin_admin");
    // $un is not set anywhere in this snippet
    $whosin_admin=$un;
    header("Location: home.php");
}else{
    header("Location: index.php?err=1");
}
?>
It seems that there is no filter to prevent SQL injection at all. What should I do to make this login process secure?
I have read a few articles on Google, and some said that it would be useful to use "mysql_escape_string" for the input, but what is the proper way of using it?
Questions:
1) Do I simply use mysql_escape_string($user) instead of $user?
2) Is there any other code I could add to make it more secure?
3) People always say that it is better to turn the global register off. Are session_start(); or all those session variables considered to be global register? How can I transfer data between pages if I don't use sessions?
4) Are there any other websites where I can learn more about website security?
Thx in advance.
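An added example, not part of the original post: the same login check written with a bound parameter instead of string interpolation, which goes beyond the escaping the post asks about by also comparing a stored password hash. It assumes PDO with an in-memory SQLite database standing in for the MySQL connection, a `password_hash` column in the `admin` table, and the hypothetical function names `authenticate` and `handle_login`.

```php
<?php
declare(strict_types=1);

// Look up the account with a prepared statement, then check the password hash.
function authenticate(PDO $pdo, string $user, string $pw): bool
{
    // The ? placeholder keeps $user out of the SQL text; it is sent as data only.
    $stmt = $pdo->prepare('SELECT password_hash FROM admin WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    // fetchColumn() returns false when no row matches.
    return is_string($hash) && password_verify($pw, $hash);
}

// Process the form fields (user, pw) and return the redirect target.
function handle_login(PDO $pdo, array $post, array &$session): string
{
    // Read the fields explicitly instead of relying on register_globals.
    $user = is_string($post['user'] ?? null) ? $post['user'] : '';
    $pw   = is_string($post['pw'] ?? null) ? $post['pw'] : '';
    if (!authenticate($pdo, $user, $pw)) {
        return 'index.php?err=1';
    }
    $session['whosin_admin'] = $user;
    return 'home.php';
}

// Constructed demo data (assumption): one admin row in an in-memory database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE admin (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$ins = $pdo->prepare('INSERT INTO admin VALUES (?, ?)');
$ins->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed inputs: valid login, wrong password, and values full of SQL quotes.
$cases = [
    ['user' => 'admin', 'pw' => 'correct horse'],
    ['user' => 'admin', 'pw' => 'wrong'],
    ['user' => "admin' OR '1'='1", 'pw' => "x' OR '1'='1"],
];
foreach ($cases as $post) {
    $session = [];
    printf("%-20s -> %s\n", $post['user'], handle_login($pdo, $post, $session));
}
```

In a real login.php, call `session_start()`, pass `$_POST` and `$_SESSION` to `handle_login`, and call `session_regenerate_id(true)` after a successful login. Send the result with `header('Location: ...')` followed by `exit`.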