- One of the most common methods used by attackers is SQL injection.
- Sites get hacked through SQL injection because of a loophole that developers very often leave behind while building a web application. Today I will explain how to avoid SQL injection when you are developing a web application with PHP, with the help of an example: suppose we have a login form with a username text field and a password text field.
- When we log in, the back-end checks whether the user is valid. If the user is valid, they are logged into the system; otherwise the error message "incorrect username or password" is shown.
- What happens on the back-end:
$userName = $_POST['userName'];
$password = $_POST['password'];
// The user-supplied values are concatenated straight into the SQL text
$sqlQuery = "select * from users where user_name='" . $userName . "' and user_password='" . $password . "'";
- This is where the developer has left a loophole: if, instead of a password, I enter ' or 'a'='a, the password field has the value
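To show the fix the post is leading up to, here is an added example (not code from the original post) that puts the vulnerable query beside a parameterized version using PDO prepared statements. It assumes the pdo_sqlite extension is available and uses an in-memory SQLite database with a constructed sample user so it runs stand-alone.

```php
<?php
// Added example, not from the original post. Assumes PHP with pdo_sqlite.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (user_name TEXT, user_password TEXT)");
// Constructed sample row. A real application stores a password hash, not
// the plain password (see password_hash() / password_verify()).
$db->exec("INSERT INTO users VALUES ('alice', 'correct horse')");

// Vulnerable: the same query as in the post. Input is concatenated into the
// SQL text, so a quote character in the input closes the string literal and
// the rest of the input becomes part of the WHERE clause.
function loginVulnerable(PDO $db, string $userName, string $password): bool
{
    $sqlQuery = "select * from users where user_name='" . $userName .
                "' and user_password='" . $password . "'";
    $stmt = $db->query($sqlQuery);
    return $stmt->fetch(PDO::FETCH_ASSOC) !== false;
}

// Hardened: a prepared statement sends the query text and the values to the
// database separately. The input is bound as data, so a quote inside it can
// never change the structure of the query.
function loginSafe(PDO $db, string $userName, string $password): bool
{
    $stmt = $db->prepare(
        "select * from users where user_name = :u and user_password = :p"
    );
    $stmt->execute([':u' => $userName, ':p' => $password]);
    // In a real application, fetch the stored hash by username only and
    // compare it with password_verify() instead of matching in SQL.
    return $stmt->fetch(PDO::FETCH_ASSOC) !== false;
}

// The input discussed in the post, typed into the password field.
$payload = "' or 'a'='a";

// With the concatenated query, the injected quote turns the condition into
// "... and user_password='' or 'a'='a'", which matches every row.
var_dump(loginVulnerable($db, 'alice', $payload));
// With the prepared statement, the whole string is compared as a password.
var_dump(loginSafe($db, 'alice', $payload));
// The legitimate login still works through the prepared statement.
var_dump(loginSafe($db, 'alice', 'correct horse'));
```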