March 3, 2008 / ranacse05

SQL Injection, Are You Safe?


Hello guys, today I'll discuss SQL injection. This is a technique with which an attacker can read, alter, or destroy your database by sending input that gets treated as part of your SQL query.

Example: Suppose our login page is

<?php
session_start();            // required before $_SESSION is used
include 'connect.php';      // assumed to open the MySQL link and define $table
$pass = $_POST['pass'];
$user = $_POST['user'];
// Vulnerable: the raw POST values are pasted straight into the SQL text
$sql = "select * from $table where pass='$pass' and name='$user';";
$re = mysql_query($sql);

if (mysql_num_rows($re) == 1)
{
    $_SESSION['db_is_logged_in'] = true;
    header('Location: admin.php');
    exit();
}
else echo "Wrong pass or user name";

If a user submits an input like "'OR 1", the quote character closes the string literal and the rest is parsed as SQL, so something unexpected will happen. Hackers can do much more than this. But how can we protect our page?

Solution:

// Make a safe query: every value is escaped for the open link $link
// before it is placed inside the quoted SQL string
$query = sprintf("INSERT INTO products (`user`, `pass`) VALUES ('%s', '%s')",
    mysql_real_escape_string($user, $link),
    mysql_real_escape_string($pass, $link));

Now you can protect your database from hackers. 🙂 Note that the mysql_* extension is deprecated since PHP 5.5 and removed in PHP 7, and escaping only works when the escaped value sits inside quotes in the query, so prepared statements (PDO or mysqli) are the fix to prefer.
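The same login check as the page above, rewritten with a PDO prepared statement so the input is never parsed as SQL. This is an added example, not code from the original post; it assumes a hypothetical `users` table with `name` and `pass` columns and a `connect.php` that creates a PDO object in `$pdo`.

```php
<?php
// Added example (not from the original post): parameterized login query.
// Assumes connect.php defines $pdo = new PDO('mysql:host=...;dbname=...', ...)
// and a `users` table with `name` and `pass` columns (hypothetical names).
session_start();
require 'connect.php';

// Turn off emulated prepares so MySQL itself separates SQL text from values.
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

/**
 * Return the matching user row, or null if the credentials do not match.
 * The placeholders :name and :pass are sent to the server separately from
 * the SQL text, so an input such as "' OR 1" is compared as a literal
 * string and can never change the query structure.
 */
function find_user(PDO $pdo, string $user, string $pass): ?array
{
    $stmt = $pdo->prepare(
        'SELECT id, name FROM users WHERE name = :name AND pass = :pass'
    );
    $stmt->execute([':name' => $user, ':pass' => $pass]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$user = $_POST['user'] ?? '';
$pass = $_POST['pass'] ?? '';

if (find_user($pdo, $user, $pass) !== null) {
    $_SESSION['db_is_logged_in'] = true;
    header('Location: admin.php');
    exit();
}
echo 'Wrong pass or user name';
```

With a prepared statement there is nothing to escape by hand, so the mistake in the sprintf version (forgetting the quotes around a `%s`) cannot occur.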


3 Comments

  1. mahfuz / Mar 4 2008 6:55 pm

    That's nice. I was also thinking about that problem. Thanks for
    this nice post. Carry on.

  2. shamimcse05 / Mar 6 2008 6:23 pm

    It is good, Rana! It seems every developer should have knowledge about it. OK, thanks for posting such great experience in your blog. Keep going on...

  3. nuhil / Mar 12 2008 8:06 pm

    Quite an interesting matter. And solving it is not very hard either...
    Thanks for the tricks...
