... net.sf.xss-html-filter xss-html-filter 1.1 xss-html-filter releases xss-html-filter Releases Repository http://xss-html-filter.sf.net/releases/ Computer Hacks and tricks: How to stop basic SQL injection attacks

Monday, January 27, 2014

How to stop basic SQL injection attacks

The basic attack is log in form bypassing which has already been discussed in a couple of previous posts. In this type of SQL injection we inject queries like 1‘OR’1‘=’1 etc. in the user name and password fields.

The code which is used in these types of websites that can be easily
Worked around through the above said queries Apart from this the user can also delete the database by executing "' drop table database; --".

The code below allows the queries



  You will have to use mysql_real_escape_string in the php code 

Here is the PHP code.



Here is the PHP code that you can copy and paste.

<?php
$badword = "' OR 1 '";
$badword = mysql_real_escape_string($badword);
$message = "SELECT * from database WHERE password = "'$badword'";
echo "Blocked " . $message . ";
?>


Hope this was useful please like subscribe and follow.

No comments:

Post a Comment