SQL Injections

Discussion in 'Databases' started by tdd1984, Mar 27, 2008.

  1. #1
    Are SQL injections mainly done through forms?

    Like sign-up forms, user login forms, etc.?

    tdd1984, Mar 27, 2008
  2. CreativeClans

    #2
    SQL injections are mainly done through any data that is sent to your script through $_POST and $_GET. That's why you should always pass all data coming from these sources through mysql_real_escape_string.
     
    CreativeClans, Mar 27, 2008
  3. mwasif

    #3
    For complete details visit en.wikipedia.org/wiki/SQL_injection
     
    mwasif, Mar 27, 2008
  4. Rory M

    #4
    Thanks for that link, it helped me out a lot :)
     
    Rory M, Mar 28, 2008
  5. indyeah

    #5
    Most of the time yes, though Wikipedia gives you an in-depth knowledge about it ;)

    indyeah, Mar 29, 2008
  6. uswarez

    #6
    From YouTube videos I've seen, it's through login.

    uswarez, Mar 29, 2008
  7. Ikki

    #7
    Not only by forms, they can use the address bar as well! That's why you should always check any data being sent via $_GET or $_POST.

    Ikki, Mar 29, 2008
  8. mwasif

    #8
    On the web, always remember this: 'All Input Data is Evil'.

    mwasif, Mar 29, 2008
  9. randomIntellections

    #9
    SQL injections can be attempted through any user input. A rule of thumb: all data input from the user has to be sanitized.

    randomIntellections, Mar 30, 2008
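
The point made in posts #2, #7 and #9, as an added example that is not part of the thread: a value from the form body and one from the address bar reach the same query, and a quote in either is parsed as SQL when the query is built by concatenation. It uses PDO prepared statements against an in-memory SQLite database instead of the mysql_real_escape_string call named in post #2 (the mysql extension was removed in PHP 7.0); the table, rows and function names are constructed for illustration.

```php
<?php
// Added example: schema, rows and function names are constructed for illustration.
// Runs offline against an in-memory SQLite database via PDO (pdo_sqlite extension).

function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
    $ins = $db->prepare("INSERT INTO users (name) VALUES (?)");
    foreach (['alice', "O'Brien"] as $name) {
        $ins->execute([$name]);
    }
    return $db;
}

// Vulnerable: the request value becomes part of the SQL text, so a quote in it
// ends the string literal and the rest is parsed as SQL.
function find_concat(PDO $db, string $name): string {
    try {
        $row = $db->query("SELECT id FROM users WHERE name = '" . $name . "'")->fetchColumn();
        return $row === false ? 'no row' : "id $row";
    } catch (PDOException $e) {
        return 'SQL error (input was parsed as SQL)';
    }
}

// Hardened: the value is bound as a parameter and is only ever treated as data.
function find_prepared(PDO $db, string $name): string {
    $stmt = $db->prepare("SELECT id FROM users WHERE name = :name");
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetchColumn();
    return $row === false ? 'no row' : "id $row";
}

$db = make_db();
// Constructed stand-ins for $_POST (form body) and $_GET (address bar).
$post = ['name' => 'alice'];
$get  = ['name' => "O'Brien"];
foreach (['$_POST' => $post, '$_GET' => $get] as $source => $input) {
    printf("%-7s %-8s concat: %-36s prepared: %s\n", $source, $input['name'],
        find_concat($db, $input['name']), find_prepared($db, $input['name']));
}
```

An ordinary surname with an apostrophe is enough to break the concatenated query, which is a quick way to spot unparameterized queries during code review or testing.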