
SQL INJECTION

WHAT IS SQL INJECTION?


SQL injection is one of the most common
vulnerabilities found in web applications.
It occurs when an application asks the user for
input, such as a username or user ID, pastes that
input straight into the text of an SQL query, and the
user supplies an SQL fragment instead of a name or ID.
The application then runs the attacker's SQL on its
database without knowing it.
SQL injection is a technique (like other web attack
mechanisms) for attacking data-driven applications.
Here are some paths through which SQL fragments reach
vulnerable systems:
- Injection through user input (form fields, URL parameters).
- Injection through cookie fields containing attack strings.
- Injection through server variables (HTTP headers such as
  User-Agent or Referer, which the client controls).
- Second-order injection, where the attack string is stored by
  one request and later read back and executed by another
  function, at another time.
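The first and last of these vectors, as an added example that is not part of the original page. It is written in Python with an in-memory SQLite database standing in for MySQL (the table, users and payloads are constructed for the demonstration); the mechanics are identical. login_vulnerable() shows injection through user input, and reset_own_password() shows a second-order injection: the payload is stored safely by register(), then fires later in a different function that concatenates a value it trusts because it came from the database.

```python
import sqlite3

# Constructed sample database (not from the original page): SQLite stands in
# for MySQL so the example runs offline.
def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (
            id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT);
        INSERT INTO users VALUES (1, 'admin', 'S3cret!', 'admin');
        INSERT INTO users VALUES (2, 'alice', 'wonderland', 'user');
    """)
    return db

# Vector 1: direct user input. The query is built by string formatting, so
# the user's text becomes part of the SQL grammar instead of a value.
def login_vulnerable(db, username, password):
    sql = ("SELECT id, username, role FROM users "
           "WHERE username = '%s' AND password = '%s'" % (username, password))
    return db.execute(sql).fetchall()

# Registration is written correctly (bound parameters), so a payload in the
# username is stored verbatim and does nothing yet.
def register(db, username, password):
    db.execute("INSERT INTO users (username, password, role) VALUES (?, ?, 'user')",
               (username, password))
    db.commit()

# Second-order: this function trusts a value read back from the database and
# concatenates it. The payload fires here, in a different function and at a
# later time than where it entered the system.
def reset_password_vulnerable(db, username, new_password):
    sql = ("UPDATE users SET password = '%s' WHERE username = '%s'"
           % (new_password, username))
    cur = db.execute(sql)
    db.commit()
    return cur.rowcount  # number of accounts whose password changed

def reset_own_password(db, user_id, new_password):
    (username,) = db.execute(
        "SELECT username FROM users WHERE id = ?", (user_id,)).fetchone()
    return reset_password_vulnerable(db, username, new_password)

if __name__ == "__main__":
    db = make_db()
    # First-order: the payload closes the quote and comments out the
    # password check, so every row matches.
    print(login_vulnerable(db, "' OR 1=1 --", "anything"))
    # Second-order: register a name that closes the quote and comments out
    # the rest; the later "reset my own password" then rewrites admin's.
    register(db, "admin'--", "attacker-pw")
    my_id = db.execute("SELECT id FROM users WHERE username = ?",
                       ("admin'--",)).fetchone()[0]
    print(reset_own_password(db, my_id, "pwned"))   # 1 row changed: admin
    print(login_vulnerable(db, "admin", "pwned"))
```

The second-order case is the one that code review most often misses: register() is correct, and the bug is in a function that never sees a request parameter at all. Any value that is interpolated into SQL is untrusted, whether it arrives from the user or from your own database.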
INJECTION PREVENTION
One way to stop this kind of SQL injection is to
escape the username and password input with the
mysqli_real_escape_string() function before it is
placed inside a quoted string in the query.
mysqli_real_escape_string() prefixes the characters
that have special meaning inside a MySQL string literal
(NUL, newline, carriage return, backslash, single quote,
double quote and Ctrl-Z) with a backslash, so the
database reads the user's text as literal data rather
than as part of the query.
Two caveats: escaping only protects values that the
query wraps in quotes (an unquoted number such as
WHERE id = $id is still injectable), and it depends on
the connection's character set, so call
mysqli_set_charset() first. Prepared statements with
bound parameters (mysqli_prepare()/bind_param() or PDO)
avoid both problems and are the preferred fix.
EXAMPLE
$db = new mysqli; $sql = sprintf("INSERT INTO table
(id,name,email,comment) VALUES
(NULL,'%s','%s','%s')",
mysqli_real_escape_string($db,$name),
mysqli_real_escape_string($db,$email),
mysqli_real_escape_string($db,$comment) ); // mysql
$conn = mysql_connect();

$sql = sprintf("INSERT INTO table


(id,name,email,comment) VALUES
(NULL,'%s','%s','%s')",
mysql_real_escape_string($name,$conn),
mysql_real_escape_string($email,$conn),
mysql_real_escape_string($comment,$conn) );
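The prevention section above in working code, as an added example that is not from the original page. Python with in-memory SQLite stands in for PHP and MySQL, and escape_string() is a stand-in for mysqli_real_escape_string() (SQLite's dialect doubles the quote where MySQL backslash-escapes it; the effect on injection is the same). The table contents and payloads are constructed. The block shows escaping working where the value is quoted, failing where the value is not quoted, and bound parameters holding in both cases.

```python
import sqlite3

# Constructed sample data (not from the original page); SQLite stands in for MySQL.
def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT);
        INSERT INTO users VALUES (1, 'admin');
        INSERT INTO users VALUES (2, 'alice');
        INSERT INTO users VALUES (3, 'o''brien');
    """)
    return db

# Stand-in for mysqli_real_escape_string(): it only rewrites characters that
# are special *inside a quoted string literal*. MySQL backslash-escapes them;
# SQLite's dialect doubles the quote instead, which is what is done here.
def escape_string(value):
    return str(value).replace("'", "''")

# Correct use of escaping: the escaped value sits between quotes, so an
# attacker's quote becomes data and cannot close the literal.
def find_by_name_escaped(db, name):
    sql = "SELECT id FROM users WHERE username = '%s'" % escape_string(name)
    return [row[0] for row in db.execute(sql)]

# Misuse of escaping: the value is not quoted (a numeric comparison), so there
# is no string literal to protect and "OR 1=1" is parsed as SQL.
def find_by_id_escaped_unquoted(db, user_id):
    sql = "SELECT id FROM users WHERE id = %s" % escape_string(user_id)
    return [row[0] for row in db.execute(sql)]

# Bound parameters: the value never becomes part of the SQL text, so the
# quoted and unquoted contexts are equally safe.
def find_by_name_param(db, name):
    return [row[0] for row in db.execute(
        "SELECT id FROM users WHERE username = ?", (name,))]

def find_by_id_param(db, user_id):
    return [row[0] for row in db.execute(
        "SELECT id FROM users WHERE id = ?", (user_id,))]

if __name__ == "__main__":
    db = make_db()
    print(find_by_name_escaped(db, "o'brien"))           # legitimate quote survives
    print(find_by_name_escaped(db, "' OR 1=1 --"))       # escaping works here
    print(find_by_id_escaped_unquoted(db, "1 OR 1=1"))   # escaping fails here
    print(find_by_id_param(db, "1 OR 1=1"))              # parameter binding holds
```

The unquoted case is the reason escaping is a weaker defence than binding: the escape function has no idea whether the output lands inside quotes, so correctness depends on every call site remembering to add them. A prepared statement carries the value separately from the query text and removes that decision from the developer.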
