Well, I was coding random things that I thought of to practice a little, and I figured I would try a couple of different ways to code a login script, when I stumbled across coding a login script that is really core. It's really basic: it checks to see if the username and password exist and displays "Logged in successfully" if the username and password exist and are the same as the user's input. I decided to mess around and try SQL injecting, I guess because I got bored. And I noticed that none of the SQL injections that I know of, and none of the ones I found on Google, work on this script at all. Maybe I'm doing something wrong? Anyway, here's the code:

Database is set up as:

Database Name: sqlinjection
Database Table Name: test
Database Column 1: user (holding username)
Database Column 2: password (holding password)

```php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<?php
$db = mysql_connect("localhost", "root", "") or die("Could not connect to the Database");
mysql_select_db("sqlinjection", $db) or die("could not select database");

// Read the submitted values (null when the form has not been posted yet).
$username = isset($_POST['username']) ? $_POST['username'] : null;
$password = isset($_POST['password']) ? $_POST['password'] : null;

if (isset($username) && isset($password)) {
    // Build the query by concatenating the submitted values into the SQL string.
    $query = "SELECT * FROM test WHERE user='" . $username . "' AND password='" . $password . "'";
    $result = mysql_query($query, $db);
    $array = mysql_fetch_array($result);
    $user = $array['user'];
    $pass = $array['password'];

    // Compare the returned row with what was submitted.
    if ($user == $username && $pass == $password) {
        echo "logged in successfully.";
    } elseif ($user == "" && $pass == "") {
        echo "Your login details could not be found";
    }
} else {
    echo "Username and password not set!";
}
?>
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>">
Username: <input type="text" name="username" /><br />
Password: <input type="text" name="password" />
<input type="submit" value="Login.." />
</form>
</body>
</html>
```

I know this probably isn't the best way to code a login script, but like I said I was messing around, and stumbled across a script that no SQL injections work on. I could be doing it wrong though. I'm not exactly the "hacker" type.

NOTE: THIS WAS CODED AND TESTED ON MY LOCAL MACHINE USING XAMPP.

EDIT: I must be doing something wrong, because when I run the SAME SQL statement in the database directly, "SELECT * FROM test WHERE user='username' AND password='password' DROP TABLE 'user'", as stated on wiki as a commonly found SQL injection, I get an error.

EDIT 2: Yeah, I'm doing something wrong. None of the SQL injections found on wiki work even when I directly type out what the statement would be with the SQL injection.

This will be safe against SQL injection until someone changes "magic_quotes_gpc" in php.ini to Off. Then it's not.

That's right. If it is impossible to change php.ini, you can disable magic quotes by:

```php
<?php
// Undo magic_quotes_gpc at runtime: strip the added slashes from every
// key and value in the request arrays, including nested arrays.
if (get_magic_quotes_gpc()) {
    $process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
    while (list($key, $val) = each($process)) {
        foreach ($val as $k => $v) {
            unset($process[$key][$k]);
            if (is_array($v)) {
                // Re-key the nested array and queue it for processing.
                $process[$key][stripslashes($k)] = $v;
                $process[] = &$process[$key][stripslashes($k)];
            } else {
                $process[$key][stripslashes($k)] = stripslashes($v);
            }
        }
    }
    unset($process);
}
?>
```

Most new XAMPP installations are coming much more secure these days, and they are providing security against this type of attack at the server level.
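
Added example, not code from any poster in this thread: it shows what the magic_quotes_gpc reply describes, using the `test` table from the original post. magic_quotes_gpc ran addslashes() over request values, which `magic_quoted()` reproduces; the `login()` function, the password hashing, the in-memory SQLite database (assumes PHP 7+ with pdo_sqlite) and the sample values are assumptions made for this example.

```php
<?php
// Added example. Table and column names follow the original post;
// everything else (SQLite, sample user, function names) is constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE test (user TEXT PRIMARY KEY, password TEXT NOT NULL)');

// Store a password hash rather than the plaintext the original table held.
$ins = $pdo->prepare('INSERT INTO test (user, password) VALUES (?, ?)');
$ins->execute(["O'Brien", password_hash('s3cret-constructed', PASSWORD_DEFAULT)]);

// What magic_quotes_gpc did to every GET/POST/COOKIE value before the
// script saw it: addslashes(), which prefixes ' " \ and NUL with a backslash.
function magic_quoted(string $raw): string
{
    return addslashes($raw);
}

// The query text as the original script builds it, by concatenation.
function concatenated_query(string $user): string
{
    return "SELECT * FROM test WHERE user='" . $user . "'";
}

// Login with bound parameters: the submitted value is sent as data and
// never becomes part of the SQL text, whatever php.ini says.
function login(PDO $pdo, string $user, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password FROM test WHERE user = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn(); // false when no row matches
    return is_string($hash) && password_verify($password, $hash);
}

$input = "O'Brien"; // constructed input containing a single quote

// With magic quotes on, the quote arrives escaped and stays inside the
// string literal; with it off, the same quote closes the literal early.
echo "magic quotes on : ", concatenated_query(magic_quoted($input)), "\n";
echo "magic quotes off: ", concatenated_query($input), "\n";

// The bound-parameter login handles the quote without any escaping step.
var_dump(login($pdo, $input, 's3cret-constructed'));
var_dump(login($pdo, $input, 'wrong-password'));
```

magic_quotes_gpc was removed in PHP 5.4, so on current PHP the concatenated query gets no such escaping, while the bound-parameter version does not depend on any php.ini setting.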