
Thread: sql injections

  1. #1
    Join Date
    Jul 2011
    Location
    hyderabad,India
    Posts
    58
    Thanks
    1
    Thanked 0 Times in 0 Posts

    sql injections

    hi all,
    I have made a simple login form with username="admin" and password="admin123".
    I am checking for SQL injections. I have applied "mysql_real_escape_string"
    to both the username and password fields,
    but it is still not working......
    If I give the username as "admin --" and click the submit button (not giving a password either), it takes me to the next page...
    Tell me what is wrong in my code below.....
    Code:
    <?php
    session_start();
    mysql_connect("localhost","root","");
    mysql_select_db("test");
    if(isset($_POST['sub']))
    {
    // escape both inputs before building the query
    $username=mysql_real_escape_string($_POST['txtuname']);
    $password=mysql_real_escape_string($_POST['txtpwd']);
    // only the username is part of the WHERE clause here
    $check=mysql_query("SELECT DISTINCT `username`,`password` FROM `log` WHERE `username`='$username'") or die("Error: " . mysql_error());
    while($find = mysql_fetch_array($check))
     {
     // $output is only assigned when a row was found
     list($username,$output) = $find;
     }
    // compare the submitted password with the stored one
    if($password==$output)
     {
    $_SESSION['si']=session_id();
    echo "<script> location='view1.php'</script>";
     }
    else
    echo "invalid";
    }
    ?>
    <table width="200" height="150" bgcolor="lightblue" border="1" align="center">
    <tr><td style="font-size:25;color:red" align="center" colspan="2">Login Form </td></tr>
    <form method="post" action="">
    <tr><td align="right" width="100">
    Username:</td><td><input type="text" name="txtuname"></td></tr>
    <tr><td align="right" width="100">
    Password:</td><td><input type="password" name="txtpwd"></td></tr>
    <tr><td align="right" width="100">
    <input type="submit" value="login" name="sub"></td></tr>
    </form>
    </table>

  2. #2
    Join Date
    May 2007
    Location
    Boston,ma
    Posts
    2,127
    Thanks
    173
    Thanked 207 Times in 205 Posts


    This is not a SQL injection. A SQL injection is when someone accesses your database and changes/destroys/accesses information.

    You need to check the password as well in your query; you currently only check the username.

    PHP Code:
    "SELECT DISTINCT `username`,`password` FROM `log` WHERE `username`='$username' AND `password`='$password'"
    Corrections to my coding/thoughts welcome.
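    A note on why the original post's check passes with "admin --" and no password: that username matches no row, so the loop never runs and $output is never assigned; PHP's loose comparison then treats the empty submitted password as equal to the unset (null) $output, and the login succeeds. Putting the password into the WHERE clause, as suggested above, closes that path. The following is an added example, not code from either poster, showing how the same login would be written with a PDO prepared statement and hashed passwords. It assumes a `password_hash` column in the `log` table and a dedicated database user (`loginapp` with a placeholder password), neither of which appears in the thread.

```php
<?php
// Added example (not the original poster's code): login check built on a PDO
// prepared statement and password_verify(), instead of string interpolation
// and a plaintext comparison. Assumes table `log` has columns `username` and
// `password_hash` (the hash column is an assumption; the OP stores plaintext).

declare(strict_types=1);

function connectDb(): PDO
{
    // Assumed DSN and credentials; the OP connects as root with an empty password.
    $pdo = new PDO('mysql:host=localhost;dbname=test;charset=utf8mb4', 'loginapp', 'CHANGE_ME');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); // server-side prepares
    return $pdo;
}

function loginIsValid(PDO $pdo, string $username, string $password): bool
{
    // Reject empty credentials up front. The original code let an empty password
    // match a user that does not exist, because $output was never assigned.
    if ($username === '' || $password === '') {
        return false;
    }

    // The username travels as a bound parameter, never inside the SQL text,
    // so "admin --" is just a value that matches no row; it cannot end the query.
    $stmt = $pdo->prepare('SELECT `password_hash` FROM `log` WHERE `username` = :u LIMIT 1');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // No row: fail closed, with no undefined variable to compare against.
    if ($row === false) {
        return false;
    }

    // Compare against the stored hash; the table never holds plaintext passwords.
    return password_verify($password, $row['password_hash']);
}

// Registration stores a hash produced by password_hash(), not the password itself.
function storeUser(PDO $pdo, string $username, string $password): void
{
    $stmt = $pdo->prepare('INSERT INTO `log` (`username`, `password_hash`) VALUES (:u, :h)');
    $stmt->execute([':u' => $username, ':h' => password_hash($password, PASSWORD_DEFAULT)]);
}

session_start();
if (isset($_POST['sub'])) {
    $pdo  = connectDb();
    $user = (string)($_POST['txtuname'] ?? '');
    $pass = (string)($_POST['txtpwd'] ?? '');

    if (loginIsValid($pdo, $user, $pass)) {
        session_regenerate_id(true);   // fresh session id once authenticated
        $_SESSION['user'] = $user;     // note: $_SESSION, not $_session
        header('Location: view1.php');
        exit;
    }
    echo 'invalid';
}
```

With this shape, mysql_real_escape_string is no longer needed: the driver sends the query text and the parameter values separately, so the username can contain quotes, comment markers or anything else without changing the statement. The empty-credential check and the explicit `$row === false` branch are what make the "no such user, no password" case fail rather than pass.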

  3. #3
    Join Date
    Sep 2008
    Location
    Midland, Texas
    Posts
    52
    Thanks
    16
    Thanked 0 Times in 0 Posts


    Your SQL statement is missing the password parameter:

    PHP Code:
    "SELECT DISTINCT `username`,`password` FROM `log` WHERE `username`='$username'" 
    It should read something like this:
    PHP Code:
    "SELECT DISTINCT `username`,`password` FROM `log` WHERE username='" . $username . "' AND password = '" . $password . "'"

  4. #4
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,643
    Thanks
    63
    Thanked 516 Times in 502 Posts
    Blog Entries
    5


    Quote Originally Posted by xtiano77
    Your SQL statement is missing the password parameter:

    PHP Code:
    "SELECT DISTINCT `username`,`password` FROM `log` WHERE `username`='$username'" 
    It should read something like this:
    PHP Code:
    "SELECT DISTINCT `username`,`password` FROM `log` WHERE username='" . $username . "' AND password = '" . $password . "'"
    xtiano77,

    bluewalrus pointed this out yesterday, in the post above yours. There is no need to mention it again.

  5. #5
    Join Date
    Sep 2008
    Location
    Midland, Texas
    Posts
    52
    Thanks
    16
    Thanked 0 Times in 0 Posts


    I read the post and hit "Q-Reply" and it took me to the box in the bottom so I missed yesterday's reply. Thanks for calling me out like that, very polite of you.

  6. #6
    Join Date
    Mar 2007
    Location
    New York, NY
    Posts
    557
    Thanks
    8
    Thanked 66 Times in 66 Posts


    Hey, everyone makes mistakes.
    - Josh
