How to prevent SQL injections

3 Feb
Posted in Security, PHP, Programming

SQL injection is one of the most common web attacks, and plenty of sites get compromised because user input is pasted straight into database queries.

Making an application bulletproof against injection takes time, but making safer database calls is essential and does not take long.

So, what is a SQL injection?

To clarify it I will give a very simple example:

A table may look something like this (call it users):
ID | USERNAME | PASSWORD

A query against that table can look like this:

SELECT * FROM users WHERE id = '2'

So far no problem. But when you build that query in PHP, the insecure way looks like this:

$sql = "SELECT * FROM users WHERE id = '" . $_POST['id'] . "'";

If the submitted id is "2", nothing goes wrong. The problem is that the value is pasted into the query text, so whatever the user sends is parsed as SQL.

What if $_POST['id'] contained something like this (note the trailing space, which MySQL requires after the -- comment marker):

' or 1=1-- 

The query would now be:

SELECT * FROM users WHERE id = '' or 1=1-- '

The injected quote closes the string early, "or 1=1" is always true, and "-- " comments out the closing quote the code appended. The query therefore returns every row in the table, passwords included, instead of the single row the author intended, and other payloads let an attacker read or change data the query was never meant to touch.

That was a very short description of what a SQL injection is. So how do we prevent it? The real fix is prepared statements, through PDO or mysqli: the query text and the values are sent to the database separately, so user input can never be parsed as SQL. This post originally offered a cheaper shortcut that avoids PDO, reproduced below. It only helps where every user-supplied value sits between single quotes in the SQL, and it has real limitations, listed after the code.

The three lines, placed in a shared include file after the database connection has been opened (mysql_real_escape_string() needs an open connection):

$_POST = array_map("htmlspecialchars", $_POST);          # HTML-escapes < > & " on input; the wrong place for it, see the caveats below
$_POST = array_map("trim", $_POST);                      # Removes leading and trailing whitespace; a convenience, not a security control
$_POST = array_map("mysql_real_escape_string", $_POST);  # Escapes quotes, backslashes and NUL so a value stays inside its '...' literal

Caveats a practitioner needs to know:

  • mysql_real_escape_string() only protects a value that the query wraps in quotes. It does nothing for an unquoted number such as "SELECT * FROM articles WHERE id=" . $_GET['id'], because "1 or 1=1" contains nothing to escape. For numbers, validate the type (for example with ctype_digit()) or cast with (int) before use.
  • These lines only touch $_POST. $_GET, $_COOKIE, request headers and anything read back from the database are still raw.
  • Called before mysql_connect(), mysql_real_escape_string() tries to open a default connection and, if that fails, emits a warning and returns false, so every value in $_POST silently becomes false.
  • array_map() with these callbacks breaks on nested form fields (name="tags[]"), because the callbacks expect strings, not arrays.
  • htmlspecialchars() belongs at output, not input. Applied here it stores escaped text in the database, double-escapes anything you later escape properly, and does not cover unquoted attributes, JavaScript or URLs.
  • The mysql extension was deprecated in PHP 5.5 and removed in PHP 7; current code uses mysqli or PDO.

Adding these lines to the top include file gives every $_POST value a little protection against the most common quoted-string injections. Treat it as a stopgap: the lasting fix is to use prepared statements for every query.
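As an added example that is not part of the original post, here is the same lookup written the way the post calls "most secure", with PDO prepared statements, together with the two cases the three-line shortcut above does not cover: an unquoted integer id (the `WHERE id=' . $_GET['id']` pattern that also appears in the reader's code in the comments) and a value used inside an SQL function. The table and column names (users, articles, categories) follow this page; the DSN, user name and password are placeholders, and the helper names (db, findUser, findArticle, findCategory, h) are my own.

```php
<?php
// Added example, not code from the original post. It assumes MySQL tables
// `users` (id, username, password), `articles` (id, category) and
// `categories` (name) as used on this page; the DSN, user name and password
// are placeholders to replace.
declare(strict_types=1);

// Open the connection with an explicit charset and server-side prepared
// statements. With emulation off, the SQL text is sent to the server first
// and the bound values afterwards, so a value can never be parsed as SQL.
function db(): PDO
{
    return new PDO(
        'mysql:host=localhost;dbname=app;charset=utf8mb4',  // placeholder DSN
        'app_user',                                          // placeholder
        'app_password',                                      // placeholder
        [
            PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES   => false,
            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        ]
    );
}

// The post's query, parameterised. A value of "' or 1=1-- " is compared
// with id as data; the quote and the comment marker never reach the parser.
function findUser(PDO $pdo, string $id): ?array
{
    $stmt = $pdo->prepare('SELECT id, username FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetch() ?: null;
}

// The case escaping cannot fix. In "... WHERE id=" . $_GET['id'] the value is
// not quoted, and mysql_real_escape_string("1 or 1=1") returns "1 or 1=1"
// unchanged (nothing in it needs escaping), so the injection still runs.
// Validate the type, then bind as an integer.
function findArticle(PDO $pdo, string $rawId): ?array
{
    if (!ctype_digit($rawId) || strlen($rawId) > 10) {
        return null;                                   // reject; do not "clean"
    }
    $stmt = $pdo->prepare('SELECT id, category FROM articles WHERE id = :id');
    $stmt->bindValue(':id', (int) $rawId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetch() ?: null;
}

// A placeholder works anywhere a literal would, including inside a function
// call such as instr() (the categories lookup in the comments below).
function findCategory(PDO $pdo, string $cat): ?array
{
    $stmt = $pdo->prepare('SELECT * FROM categories WHERE instr(:cat, name) > 0');
    $stmt->execute([':cat' => $cat]);
    return $stmt->fetch() ?: null;
}

// XSS is fixed at output, not at input: store the raw value and escape when
// you print, for the context you print into (here HTML text and quoted
// attributes).
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$pdo  = db();
$user = findUser($pdo, $_GET['id'] ?? '');
echo $user === null
    ? '<p>No such user.</p>'
    : '<p>Hello, ' . h($user['username']) . '</p>';
```

PDO's MySQL driver emulates prepared statements by default, quoting and interpolating values on the client side. That is still safe as long as the connection charset is set correctly, which is why the DSN carries charset=utf8mb4; turning emulation off removes the dependency on client-side quoting altogether.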

5:52 pm on March 16th, 2008
Gipi

I am a dummy at PHP. I added the lines, but my web pages got injected again.
Can you please fix this code against injections? I will be very thankful, because I am in trouble with some small hacker kids; they do injections all the time.

// (start of the file is missing from the comment as posted; it resumes mid-string)
Invalid or expired license.Please contact info@albart.com';
    exit ();
}
if (md5 ($key1) != $key2)
{
    echo 'Invalid or expired license.Please contact info@albart.com';
    exit ();
}
}
else
{
    echo 'Invalid or expired license.Please contact info@albart.com';
    exit ();
}
include_once 'config.inc.php';
if ($_GET['cat_id'] != '')
{
    $SQL = '' . 'SELECT * FROM categories WHERE instr(\'' . $_GET['cat_id'] . '\',name)';
    if (!($result = mysql_query ($SQL)))
    {
        exit ('Error:' . mysql_error ());
    }
    $row000 = mysql_fetch_array ($result);
}
if (($_GET['id'] != '' AND !$_GET['words']))
{
    $SQL2 = '' . 'SELECT * FROM articles WHERE id=' . $_GET['id'];
    if (!($result2 = mysql_query ($SQL2)))
    {
        exit ('Error:' . mysql_error ());
    }
    $row2 = mysql_fetch_array ($result2);
    $SQL = '' . 'SELECT * FROM categories WHERE instr(\'' . $row2['category'] . '\',name)';
    if (!($result = mysql_query ($SQL)))
    {
        exit ('Error:' . mysql_error ());
    }
    $row000 = mysql_fetch_array ($result);
}
if (($_POST['username'] AND $_POST['password']))
{
    if (!($result = mysql_query ('select * from visitors')))
    {
        exit ('Invalid query');
    }
    while ($row = mysql_fetch_array ($result))
    {
        if (($row['username'] == $_POST['username'] AND $row['password'] == md5 ($_POST['password'])))
        {
            $TMP = split ('
', $row['allowed']);
            if (in_array ($_POST['visitor_allow'], $TMP))
            {
                setcookie ('autorized', md5 (md5 ($row['username'] . $row['password'])));
                header ('Location: index.php?cat_id=' . urlencode ($_POST['cat_id']) . ('' . '&id=' . $_POST['id']));
                continue;
            }
            continue;
        }
    }
}
include_once 'inc/main.php';
if (!($result1 = mysql_query ('select * from properties')))
{
    exit ('Error:' . mysql_error ());
}
$row1 = mysql_fetch_row ($result1);
// (everything between "<" and ">" on the next line was stripped when the comment was posted)
for ($i = 0; $i Error:' . mysql_error ());
}
$row2 = mysql_fetch_array ($result2);
echo '
';
if (txt_direction == 'LTR')
{
    echo '';
}
else
{
    echo '';
}
echo '
';
echo title;
echo '
';
echo bodytagset;
echo '
';
if (($row000['protect'] == 'on' AND !$_COOKIE['autorized']))
{
}
else
{
    echo '';
}
include_once '' . 'upload/templates/' . $row2['skin'];
if (($row000['protect'] == 'on' AND !$_COOKIE['autorized']))
{
}
else
{
    echo '';
}
echo '';
?>

5:55 pm on March 16th, 2008
Gipi

once again the code

