What is SQL Injection and how to fix it

by bootsity on Jun 4, 2019 Philosophy 1070 Views

1. Introduction

In this article, we learn about SQL injection security vulnerability in web application. We see an example of SQL Injection, learn in in-depth how it works, and see how we can fix this vulnerability. We use PHP and MySQL for the examples. The SQL injection is the top exploit used by hackers and is one of the top attacks enlisted by the OWASP community.

2. What is SQL Injection

SQL Injection is a attack mostly performed on web applications. In SQL Injection, attacker injects portion of malicious SQL through some input interfaces like web forms. These injected statements goes to the database server behind a web application and may do unwanted actions like providing access to unauthorised person or deleting or reading sensitive information.
The SQL Injection vulnerability may affect any application powered by database supporting SQL like Oracle, MySQL and others.
SQL Injection attacks are one of the widest used, oldest, and very dangerous application vulnerabilities. The OWASP organization (Open Web Application Security Project) lists SQL Injections in their OWASP Top 10 document as the top threat to web application security.

3. Example of SQL Injection

Let’s create a form in HTML:

  1. <!DOCTYPE html>
  2. <html>
  3. <body>
  4. <h2>SQL injection in web applications</h2>
  5. <form action="/form-handler.php">
  6. Username:<br>
  7. <input type="text" name="username" value="">
  8. <br>
  9. Password:<br>
  10. <input type="password" name="password" value="">
  11. <br><br>
  12. <input type="submit" value="Submit">
  13. </form>
  14. </body>
  15. </html>

When we click on submit, the form above submits to below PHP script:

  1. <?php
  2.  
  3. mysql_connect('localhost', 'root', 'root');
  4. mysql_select_db('bootsity');
  5.  
  6. $username = $_POST["username"];
  7. $password = $_POST["password"];
  8. $query = "SELECT * FROM Users WHERE username = " . $username . " AND password =" . $password;
  9.  
  10. $re = mysql_query($query);
  11.  
  12. if (mysql_num_rows($re) == 0) {
  13. echo 'Not Logged In';
  14. } else {
  15. echo 'Logged In';
  16. }
  17. ?>

4. How SQL Injection works

In the above example, assume that the user fills up the form as below:

  1. Username: ' or '1'='1
  2. Password: ' or '1'='1

Now our $query becomes:

SELECT * FROM Users WHERE username='' or '1'='1' AND password='' or '1'='1';

This query always returns some rows and results in printing Logged In on the browser. So, here the attacker doesn’t know any username or password that are register in the database, but the attacker is still able to log in.

5. Fixing SQL Injection

Now we understand how SQL injection works in PHP. Generally, the best solution is to use prepared statements and parameterized queries. When we use prepared statements and parameterized queries, the SQL statements are parsed separately by the database engine. Let us see these approaches below:

5.1 Using PDO

We can change our form-handler.php to use PDO:

  1. <?php
  2.  
  3. $dsn = "mysql:host=localhost;dbname=bootsity";
  4. $user = "root";
  5. $passwd = "root";
  6.  
  7. $pdo = new PDO($dsn, $user, $passwd);
  8.  
  9. $username = $_POST["username"];
  10. $password = $_POST["password"];
  11.  
  12. $stmt = $pdo->prepare('SELECT * FROM Users WHERE username = :username AND password = :password');
  13.  
  14. $stmt->bindParam(':username', $username);
  15. $stmt->bindParam(':password', $password);
  16.  
  17. $stmt->execute();
  18.  
  19. if (count($stmt) == 0) {
  20. echo 'Not Logged In';
  21. } else {
  22. echo 'Logged In';
  23. }
  24.  
  25. https://article-realm.com/article/Reference-Education/Philosophy/2509-What-is-SQL-Injection-and-how-to-fix-it.html

URL

https://bootsity.com/php/what-is-sql-injection-and-how-to-fix-it
Tutorial article to describe SQL Injection vulnerability in web application with example in PHP and MySQL

Comments

No comments have been left here yet. Be the first who will do it.
Safety

captchaPlease input letters you see on the image.
Click on image to redraw.

Reviews

Guest

Overall Rating:

Statistics

Members
Members: 16680
Publishing
Articles: 78,280
Categories: 202
Online
Active Users: 67
Members: 0
Guests: 67
Bots: 2491
Visits last 24h (live): 1235
Visits last 24h (bots): 40070

Latest Comments

I recently came across your blog and have been reading along. I thought I would leave my first comment. I don't know what to say except that I have enjoyed reading. Nice blog, I will keep visiting...
I genuinely like you're making style, inconceivable information, thankyou for posting 텐바이텐  
You have a good point here!I totally agree with what you have said!!Thanks for sharing your views...hope more people will read this article!!  트랜드 도메인 주소    
Logging into your Chime account is a quick and secure process designed for instant financial access. To begin, visit the official Chime website or open the mobile app on your device. Navigate to...
on Jul 13, 2026 about Blogging
This is my first time visit to your blog and I am very interested in the articles that you serve. Provide enough knowledge for me. Thank you for sharing useful and don't forget, keep sharing...
This is my first time visit to your blog and I am very interested in the articles that you serve. Provide enough knowledge for me. Thank you for sharing useful and don't forget, keep sharing...
The sophisticated online platform for Escorts Gurgaon features intuitive filtering options that allow potential clients to narrow their search based on specific preferences and availability.  
 I particularly appreciate the emphasis on market research and prototypes. It reminds me that a well-defined product and a clear understanding of its market are crucial. Even a small invention can...
on Jul 13, 2026 about How to Start an Invention Idea
Envision a night when everything you need is provided for you without your asking a thing. Our Call Girl Rajendra Place , offer that intuitive service, and you would be well taken care of and...
Even after many failed attempts, I never felt discouraged because the energetic soundtrack and creative character designs in FNF always encouraged me to try another round.

Translate To: