How to stop basic SQL injection attacks

The basic attack is log in form bypassing which has already been discussed in a couple of previous posts. In this type of SQL injection we inject queries like 1‘OR’1‘=’1 etc. in the user name and password fields.

The code which is used in these types of websites that can be easily
Worked around through the above said queries Apart from this the user can also delete the database by executing "' drop table database; --".

The code below allows the queries

  You will have to use mysql_real_escape_string in the php code 

Here is the PHP code.

Here is the PHP code that you can copy and paste.

$badword = "' OR 1 '";
$badword = mysql_real_escape_string($badword);
$message = "SELECT * from database WHERE password = "'$badword'";
echo "Blocked " . $message . ";

Hope this was useful please like subscribe and follow.


Popular posts from this blog

Hacking with Kali linux ( Pdf download)

How to exploit sites through RFI