Reply to thread

Message: <blockquote data-quote="mr90486" data-source="post: 16764045" data-attributes="member: 123289"> Say you have a database tables named 'categories' and 'blogs'. each 'blog' belong to some 'category'. now lets say you want to see all blogs of category 1. the url for this request will look like : <a href="http://mysite.com/viewblogs.php?cat=1" target="_blank">http://mysite.com/viewblogs.php?cat=1</a> . now when the user click on this link viewblogs.php can access it via $_GET['cat'] variable. now the script puts this category id (1) into an sql query. something like "SELECT * FROM blogs WHERE catid = $_GET['cat'] . this is where sql injection can happen. the attacker can modify the url request with something malicious. instead of ?cat=1 he can replace the value (1) with something else which forms a malicious sql query. lets say something like ?cat=1;drop ... which will cause database to be deleted. This is only one example, there are other ways to perform mysql injection. The other area is Form input. To avoid this, you must always validate and sanitize user submitted data. check the following links:<a href="http://www.veracode.com/security/sql-injection" target="_blank">http://www.veracode.com/security/sql-injection</a><a href="http://www.homeandlearn.co.uk/php/php13p5.html" target="_blank">http://www.homeandlearn.co.uk/php/php13p5.html</a><a href="http://www.programmerinterview.com/index.php/database-sql/sql-injection-example/" target="_blank">http://www.programmerinterview.com/index.php/database-sql/sql-injection-example/</a><a href="http://simon.net.nz/articles/protecting-mysql-sql-injection-attacks-using-php/" target="_blank">http://simon.net.nz/articles/protecting-mysql-sql-injection-attacks-using-php/</a><a href="http://shiflett.org/articles/sql-injection" target="_blank">http://shiflett.org/articles/sql-injection</a>I don't know whether this explanation is clear or not but check out the above links so you can get a clear picture of what's going on and how to prevent it</blockquote>

Verification: Hata thunen beduwama keeyada? (60 bedeema thuna)

Top Bottom