SQL Injection in PHP

SQL Injection is a method in which an attacker inserts malicious code into queries that run on your database.

Look at this example:

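<?php
    // Vulnerable: request values are placed directly into the SQL string.
    $user = $_GET['user'];
    $pw   = $_GET['pwd'];

    $query = "SELECT login_id FROM users WHERE user='$user' AND pwd='$pw'";

    mysql_query($query);
?>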

 

Anyone can log in as any user, using a query string like

   http://www.wetala.com/login.php?user=admin'%20OR%20(user='&pwd=')%20OR%20user='

which effectively calls the following statements:

<?php
    $query = "SELECT login_id FROM users WHERE user='admin' OR (user = '' AND pwd='') OR user=''";
    mysql_query($query);
?>

It’s even simpler with the URL

   http://example.com/login.php?user=admin'%23

which executes the query SELECT login_id FROM users WHERE user='admin'#' AND pwd=''.

 

Note:

The # marks the beginning of a comment in SQL. Again, it’s a simple attack. Fortunately, it’s also easy to prevent. You can sanitize the input using the addslashes() function, which adds a backslash before every single quote ('), double quote ("), backslash (\), and NUL (\0). Other functions are available to sanitize input, such as strip_tags().
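The login query above, as an added example that is not part of the original page: it runs the concatenated query and a parameterized version against the same input. It uses PDO prepared statements rather than addslashes(), because addslashes() does not account for the connection's character set while placeholders keep input out of the SQL text entirely. The in-memory SQLite database, the function names login_concat and login_prepared, and the sample rows are assumptions constructed for the example.

```php
<?php
// Added example, not code from the original page.
// Assumptions: PDO with the SQLite driver; table layout and rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (login_id INTEGER PRIMARY KEY, user TEXT, pwd TEXT)");
$db->exec("INSERT INTO users (user, pwd) VALUES
           ('admin', 'constructed-secret'), ('bob', 'constructed-pw')");

// Vulnerable: the same string concatenation as the page's first listing.
// Quotes inside $user or $pw become part of the SQL text.
function login_concat(PDO $db, string $user, string $pw): ?int
{
    $query = "SELECT login_id FROM users WHERE user='$user' AND pwd='$pw'";
    $id = $db->query($query)->fetchColumn();
    return $id === false ? null : (int) $id;
}

// Hardened: placeholders send the values separately from the statement,
// so they are only ever compared as data and cannot alter the WHERE clause.
function login_prepared(PDO $db, string $user, string $pw): ?int
{
    $stmt = $db->prepare(
        "SELECT login_id FROM users WHERE user = :user AND pwd = :pwd"
    );
    $stmt->execute([':user' => $user, ':pwd' => $pw]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

// The values PHP decodes from the first URL shown on this page.
$user = "admin' OR (user='";
$pw   = "') OR user='";

echo "concatenated, crafted input: ";
var_dump(login_concat($db, $user, $pw));

echo "prepared, crafted input:     ";
var_dump(login_prepared($db, $user, $pw));

echo "prepared, correct password:  ";
var_dump(login_prepared($db, 'admin', 'constructed-secret'));
```

A returned login_id means the row matched and the login would succeed; NULL means no row matched.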

 
