SQL Injection


At the moment, I’m looking to shore up the basic security of my server DB, including provisions to protect against the possibility of an SQL Injection attack.

Let’s say, for arguments’ sake, that I had some PHP code that looked like the following:

$query = "SELECT name FROM my_table WHERE id='" . $id . "'";

Normal usage of this – where, for example, an id value of 131 had been entered – would result in the following query:

SELECT name FROM my_table WHERE id='131';

If, however, I was a nefarious cunt, I might enter something like 131′ or ‘1=1, which would result in the following:

SELECT name FROM my_table WHERE id='131' or '1=1';

So some unwarranted SQL has actually been injected into the query, perhaps circumventing the purpose of the code. If this was, for example, a check to prove that a valid user exists (okay, the example SQL here is ridiculous and unfit for purpose, but anyway…), then this would provide the hacker with a result > 0 in all cases, and possibly grant access.

This is a highly simplified example of what can be a very complicated and costly attack, but it does highlight the basic premise of the method. Other possibilities are updating, inserting, deleting and worse.

I’ve been implementing various ways to combat SQL Injection on a basic level.




Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s