Basically, SQL injection is used to store data on websites or applications of websites and applications in SQL databases. SQL injection is used to access the database information (or the entire company), destroy the database information, or manipulate the database information. It is a security vulnerability used to exploit applications or websites. There are many different types of SQL injection, but in this article, we will only cover the basic knowledge. Let's see how to use it.
As a Web developer, I often read articles that hackers (from low-level to knowledgeable) infiltrate websites and change through the terrible "SQL injection" method and full control, obtain the data to access or destroy the master. As a senior Web developer, I'm sure you want to know how to prevent it. Well, here! In this article, you will find out what SQL injection is and what you can do to prevent it. the additional suggestions are easy to achieve, making your data safer.
Please note: I am not an "absolute" expert, but my project has never been hacked (also), anti-SQL injection (as far as I know), I love to learn. What do I promise.
What is SQL injection and how is it used?
Basically, SQL injection is used to store data on websites or applications of websites and applications in SQL databases. SQL injection is used to access the database information (or the entire company), destroy the database information, or manipulate the database information. It is a security vulnerability used to exploit applications or websites. There are many different types of SQL injection, but in this article, we will only cover the basic knowledge.
Let's take a look at how to use it to further understand what it is. I want my script language. in these examples, PHP is used. You can use any language instead. The focus should be on SQL commands.
Example
Suppose you are a professional with your own business. You have created a SQL database table that contains information about all your customers. you can use it to send important notifications for billing, it takes you a whole year to get 50,000 very important customers. You manage your database, record it online, and do anything you need to do for your trip, directly from your website.
Your script for querying logs in your php SQL statement is on your website:
<?
$ Q = "select 'id' user 'username' = '" $ _ GET ['username']. "'And 'password' =' $ _ GET ['password']. "'";
?>
One day, a self-claimed hacker tripped on your website. Click "log on.
In the "user name" field, enter the following:
'Show TABLES;
Now, the hacker has shown every table, and you must be in your database.
Because he knows the name of your table, he enters:
'Drop TABLE [TABLE name;
All your information is missing.
Note: There are more complex attempts than this. someone can spend a lot of time accessing your database, or they can even use a program to try to exploit this vulnerability, your website, database, applications.
Step 1 use mysql_real_escape_string ()
Use this PHP function to escape special characters in SQL queries and protect you from attacks.
The query now looks like this:
<?
$ Q = "SELECT 'id' 'user ''username' = '". Mysql_real_escape_string ($ _ GET ['username']). "'And 'password' = '". Mysql_real_escape_string ($ _ GET ['password']). "'";
?>
Step 2 use the request mysql_query ()
Use 'request mysql_query () 'to provide additional protection to prevent SQL injection. Package in one query request mysql_query () from your "username" field, instead of only one. this is another vulnerability that allows hackers to use multiple SQL commands. The time when mysql_query () is requested to allow only one command.
Therefore, our query will look like this:
<?
// Connection
Database = MYSQL_CONNECT ("local host", "user name", "password ");
// Database selection
Mysql_select_db ("database", database );
$ Q = request mysql_query ("Select 'id' user 'username' = '". Mysql_real_escape_string ($ _ GET ['username']). "'And 'password' = '". Mysql_real_escape_string ($ _ GET ['password']), "'", database );
?>
Suggestion: Centralize your connections
You should focus on your scripts and connect to a page.
You only need to use the "include ()" function on each page, including the page that carries the connection information of your SQL database. This will force you to create a query and use the same format on each page you create, and reduce the chance of opening an error because of the vulnerability.
So, let's say that we put a page called 'ons Ons. php' below:
<?
// Connection
Database = MYSQL_CONNECT ("local host", "user name", "password ");
// Database selection
Mysql_select_db ("database", database );
?>
With the new settings, we can modify our queries. Our logon page:
<?
"Destination" ("connections. php );
$ Q = request mysql_query ("Select 'id' user 'username' = '". Mysql_real_escape_string ($ _ GET ['username']). "'And 'password' = '". Mysql_real_escape_string ($ _ GET ['password']), "'", database );
?>
Suggestion: Clean the data on the initial page
Many programming languages, before forcing you to declare variables, you can use them throughout the script. PHP does not force you to do this, but it is a good habit. the page begins to clean up your variables anyway!
Someone will ask, "if I clean every variable throughout the page, why should I clean the variable above? Is it because I am doing the same thing, your suggestion ?".
This is why it is easier for you to clean variables for some different reasons, beyond the start of the formatted page.
- The amount of code you must write is reduced.
- Once the variable is clean, you can freely use it throughout the page without worrying about the vulnerability.
- It is more clean and organized, making your work easier and avoiding mistakes.
If we clear the page starting with a variable, our script will look like this:
<?
"Destination" ("connections. php );
$ Username = mysql_real_escape_string ($ _ GET ['username']);
$ Password = mysql_real_escape_string ($ _ GET ['password']);
$ Q = request mysql_query ("Select 'id' user 'where' username '='" $ as the user name. "'And 'password' = '." Password ". '", MetaBase );
?>
You can even try to create a function for all the cleanup and reduced amounts you have to type further. Let's take a look at the example below.
<?
Functional detergents (input ){
// Clean variables, including mysql_real_escape_string ()
}
"Destination" ("connections. php );
$ Username = clean ($ _ GET ['username ']);
$ Password = vacuum cleaner ($ _ GET ['password']);
$ Q = request mysql_query ("Select 'id' user 'where' username '='" $ as the user name. "'And 'password' = '." Password ". '", MetaBase );
?>
Suggestion: even after cleaning
You can have additional checks in place on your server to prevent unnecessary processing. Before checking your script, you can run the query to run the query. The data you find is acceptable.
<?
Functional detergents (input ){
// Clean variables, including mysql_real_escape_string ()
}
"Destination" ("connections. php );
$ Username = clean ($ _ GET ['username ']);
$ Password = vacuum cleaner ($ _ GET ['password']);
// Check if the input is blank.
If ($ password = '') | ($ username = '')){
// Do not let them pass
}
// Check if they put too many characters than should be allowed.
Otherwise, if (strlen (username)> 20) | (strlen ($ password)> 20 )){
// Do not let them pass
}
// Pass our check! Run the query.
Others {
$ Q = request mysql_query ("Select 'id' user 'where' username '='" $ as the user name. "'And 'password' = '." Password ". '", MetaBase );
}
?>
This is almost it.
If you have any questions, please feel free to ask!