SQL injection – web developers take care!
Posted by roushdat on May 1, 2007
So what is SQL injection?
As a simple definition: it is writing pieces of SQL into places where you normally shouldn't be writing them, so that the application passes them on to the database as part of its own query :p
But where?
Suppose there is a login screen with two input boxes: one for the username and the other for the password. A user is supposed to type in the respective details, but what if he types in some SQL instead?
This can be deliberate or unintentional. Many of us have come across an online registration form that throws an error as soon as a single quote ' is entered. That error is a sign that the input is being pasted straight into a SQL query, and some people use exactly this vulnerability to gain access to websites.
There are two places where this can be dealt with: on the client side and on the server side.

Oops… JavaScript validation here :p
Client side: the page sent to the user's browser contains some JavaScript that validates the inputs on the client's machine before the form is submitted to the server.

The variables receive the data without any validation; single quotes ' are not filtered out.
Here new code has been added to filter every single quote ' out of the username and password.
Server side: the data submitted by the client is validated on the server, using functions of the server-side language, for example VBScript in classic ASP, or PHP.
JavaScript is the quicker solution, but it only helps users who typed the single quote ' unintentionally. Anyone using the ' deliberately can bypass this 'security measure' by saving the page to their PC, removing the JavaScript validation and then typing in whatever restricted characters they like, such as '. They do not even need the page: any HTTP client can send the POST request straight to the server, and the script never runs at all.

Saving the file so it can be modified :p
First remove this highlighted piece of code: it is what calls the JavaScript validation function.
Because this copy of the page now lives on my PC instead of on the server, fleftmenu.php, the script that processes the form, is no longer in the same folder, so the form has to be given the complete path to it on the server.

The reliable place to counter malicious use of ' is the server side. In PHP, for example, you can write:
$username = str_replace("'", "", $_POST['username']);
This built-in function deletes every ' from the value before it reaches the query. Deleting quotes is a blunt tool, though: it silently mangles legitimate input such as O'Brien, and it only protects places where the value sits inside a quoted string literal. The proper defence is to keep data separate from the SQL text with prepared statements (mysqli or PDO in PHP), so that no character in the input is ever parsed as SQL.
So, let's get started with the SQL. The login script builds its query like this:
$sql = "SELECT * FROM member WHERE username = '$username' and password = '$password'";
With the expected input, username roushdat and password mopassword, the query sent to the database is:
SELECT * FROM member WHERE username = 'roushdat' and password = 'mopassword'
Now type this into the username box instead, and anything at all into the password box:
roushdat' /*
The quote closes the string literal and /* opens a comment, so the query becomes:
SELECT * FROM member WHERE username = 'roushdat' /* and password= 'mopassword'
Everything after /* is a comment, so what the database actually evaluates is:
SELECT * FROM member WHERE username = 'roushdat'

and you are inside a user's account without even having to type a password :p !
Whether the unterminated /* is accepted depends on the database and version: current MySQL releases reject it with a syntax error, so the usual alternatives are -- (with a trailing space) or #, which comment out the rest of the line.
This was just an example. You can also use a payload like:
' OR 't'='t
when you don't have any username handy. It turns the WHERE clause into a condition that is true for every row, so the query returns the whole member table and the application typically logs you in as the first record. Watch the operator precedence, though: AND binds tighter than OR, so the payload only works where the extra OR ends up outside the password check, for example in the password box (or in both boxes); in the username box alone the query still demands a matching password.
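To make the queries above and the server-side fix concrete, here is an added example (not code from the original post) that replays them against an in-memory SQLite table in Python, standing in for the post's PHP and MySQL. The member rows are constructed sample data. SQLite runs an unterminated /* comment to the end of the input, which is what the roushdat' /* trick relies on. The example goes beyond the post in two ways: it shows that ' OR 't'='t only bypasses the login from the password box, because AND binds tighter than OR, and the hypothetical member_by_rowid_quote_stripped lookup shows why deleting quotes is no general defence once a value is used outside a quoted literal. login_parameterized is the prepared-statement fix that the post does not show.

```python
import sqlite3

# Constructed sample rows standing in for the post's `member` table.  Passwords
# are stored in clear only to mirror the post's query; real code stores hashes.
SAMPLE_MEMBERS = [
    ("roushdat", "mopassword"),
    ("alice", "s3cret"),
]


def make_db():
    """In-memory SQLite database holding the post's `member` table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE member (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO member VALUES (?, ?)", SAMPLE_MEMBERS)
    return conn


def login_vulnerable(conn, username, password):
    """Build the query by string interpolation, exactly like the post's PHP:
    $sql = "SELECT * FROM member WHERE username = '$username' and password = '$password'";
    Returns the username of the first matching row, or None."""
    sql = (f"SELECT * FROM member WHERE username = '{username}' "
           f"and password = '{password}'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_strip_quotes(conn, username, password):
    """The post's str_replace fix: delete every single quote, then build the
    same string.  Stops the payloads in this example, but only because they
    all depend on closing a quoted literal."""
    return login_vulnerable(conn, username.replace("'", ""),
                            password.replace("'", ""))


def login_parameterized(conn, username, password):
    """Prepared statement: the values travel separately from the SQL text, so
    no character in them is ever parsed as SQL."""
    row = conn.execute(
        "SELECT * FROM member WHERE username = ? and password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def member_by_rowid_quote_stripped(conn, rowid):
    """Hypothetical lookup by an unquoted number (not on the original page),
    with the quote-stripping fix applied faithfully: nothing here needs a
    quote, so stripping them changes nothing and '2 OR 1=1' still injects."""
    rowid = rowid.replace("'", "")
    sql = f"SELECT username FROM member WHERE rowid = {rowid}"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    conn = make_db()
    cases = [
        ("roushdat", "mopassword"),    # the legitimate login
        ("roushdat' /*", "anything"),  # comment out the password check
        ("' OR 't'='t", "wrong"),      # OR in the username box: AND binds tighter
        ("nobody", "' OR 't'='t"),     # OR in the password box: true for every row
    ]
    for user, pw in cases:
        print(f"{user!r:18} {pw!r:14} "
              f"vulnerable={login_vulnerable(conn, user, pw)!s:9} "
              f"strip={login_strip_quotes(conn, user, pw)!s:9} "
              f"prepared={login_parameterized(conn, user, pw)}")
    print("rowid lookup with '2 OR 1=1' after quote stripping:",
          member_by_rowid_quote_stripped(conn, "2 OR 1=1"))
```

Running the script prints one line per case; only login_vulnerable returns a username for the injected inputs, and the quote-stripped lookup still returns the first row for "2 OR 1=1" because that payload contains no quote to strip.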

lightprincess said
Very informative post roush
…. but hard to understand
Sundeep said
hehe
I remember this from last year..
nice one
Sundeep said
there is also another option
don't use any SQL to log in
for instance
while I was doing my training
I was asked to develop a small application to keep track of the employees' attendance and to generate reports etc etc
was pretty much trivial
what was interesting was that
they would use the same username and password they used to log on to the domain..
it was pretty nice to use Microsoft Active Directory to log in
there was no need for any SQL, hence no risk of SQL injection
I didn't get access to any of the usernames and passwords, since it was all taken care of by Active Directory.
the only tricky part was to implement this in ASP; this is pretty trivial in ASP.NET, but kinda tricky in ASP, fortunately I had good guides..
bbZuSh said
I do SQL at school… but I didn't understand anything.
selven said
:p advice from thegodof.net :p
"don't use any SQL to log in"
Life without SQL would be very hard; you should use sanitization when working with SQL, else you are doomed to have a website which most probably will be r00ted and defaced to death within hours of service :p
+43\v3n
selven said
roushdat' /*