Someone hit my site with a MySQL database injection. Please help...!!

Unambu

Mate, today some "nice" guy hit one of my websites with a MySQL injection and crashed the system.
I wish him all the strength and courage...!!
If I knew who it was, I'd even have given him a rep++.

Mate, I still have no idea how the injection was done, or how it is done at all.
If anyone knows, please help... mate.

mr90486

Say you have database tables named 'categories' and 'blogs'. Each 'blog' belongs to some 'category'. Now let's say you want to see all blogs of category 1. The URL for this request will look like: http://mysite.com/viewblogs.php?cat=1 . Now when the user clicks on this link, viewblogs.php can access it via the $_GET['cat'] variable. Now the script puts this category id (1) into an SQL query, something like "SELECT * FROM blogs WHERE catid = $_GET['cat']". This is where SQL injection can happen. The attacker can modify the URL request with something malicious. Instead of ?cat=1 he can replace the value (1) with something else which forms a malicious SQL query, let's say something like ?cat=1;drop ... which will cause the database to be deleted. This is only one example; there are other ways to perform MySQL injection. The other area is form input.

To avoid this, you must always validate and sanitize user-submitted data.

Check the following links:
http://www.veracode.com/security/sql-injection
http://www.homeandlearn.co.uk/php/php13p5.html
http://www.programmerinterview.com/index.php/database-sql/sql-injection-example/
http://simon.net.nz/articles/protecting-mysql-sql-injection-attacks-using-php/
http://shiflett.org/articles/sql-injection

I don't know whether this explanation is clear or not, but check out the above links so you can get a clear picture of what's going on and how to prevent it.

    Suvin1122

Mate, check the validation on your user input fields properly.. both server side (PHP) and client side (JS)..
When you have a text field, it should not allow characters that don't belong in it.. e.g. symbols like ', ", / in name fields.. there are plenty of libraries and usable code for that.. do a Google search and use them..

What kind of damage has been done to your site now??
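As an added example (not code from either poster above), here is the viewblogs.php pattern mr90486 describes, written once the injectable way and once with the server-side validation Suvin1122 recommends plus a bound parameter. Assumed names: a PDO connection `$pdo`, a `blogs` table with integer `catid` and string `title` columns, and placeholder database credentials.

```php
<?php
// Added example. Assumes a 'blogs' table with 'catid' (int) and 'title' (string);
// the host, database name and credentials below are placeholders.

// BEFORE: the pattern from the thread. The raw query-string value is pasted
// into the SQL text, so whatever the client sends is parsed as SQL.
function blogsForCategoryUnsafe(PDO $pdo, array $get): array
{
    $sql = "SELECT * FROM blogs WHERE catid = " . $get['cat'];
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// AFTER: validate on the server (the id must be a positive integer) and
// bind it as a typed parameter, so the database never treats it as SQL.
// Client-side JS checks are a usability aid only; the request can be sent
// without the browser, so this server-side check is the one that counts.
function blogsForCategory(PDO $pdo, array $get): array
{
    $cat = filter_var($get['cat'] ?? null, FILTER_VALIDATE_INT,
                      ['options' => ['min_range' => 1]]);
    if ($cat === false) {
        http_response_code(400);   // reject bad input rather than "cleaning" it
        return [];
    }
    $stmt = $pdo->prepare('SELECT * FROM blogs WHERE catid = :cat');
    $stmt->bindValue(':cat', $cat, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Emulated prepares splice escaped values into the query text client-side;
// disable them so MySQL receives a real prepared statement, and make PDO
// throw on errors instead of failing silently.
$pdo = new PDO('mysql:host=localhost;dbname=mysite;charset=utf8mb4',
               'db_user', 'db_password', [
    PDO::ATTR_EMULATE_PREPARES => false,
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
]);

// Escape on output as well, so stored data cannot inject HTML into the page.
foreach (blogsForCategory($pdo, $_GET) as $blog) {
    echo htmlspecialchars($blog['title'], ENT_QUOTES, 'UTF-8'), "<br>\n";
}
```

With the hardened version, a request such as ?cat=1;drop ... simply fails the integer check and gets a 400, and even a value that passes validation reaches MySQL only as a bound integer.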