Wednesday, 26 June 2013

SQL Injection In PHP

SQL Injection

Use Case #1: SQL Injection.
SQL injection is a common problem. Most hackers use this technique to steal a site's information and, more importantly, they can destroy your site completely. Here I want to share some common scenarios of SQL injection.
Suppose you have a login form through which users can access some resources on your site after logging in successfully. It has two input fields, for user name and password.
User Name admin
Password admin
select userID from userTable where userName='admin' and userPass='admin';
After SQL injection
User Name admin
Password 1234' or 1; --
-- starts an SQL comment.
select userID from userTable where userName='admin' and userPass='1234' or 1; --';
Because "or 1" is always true, the query returns a row even though the password is wrong, so a hacker can access someone else's information.
Use Case #2: SQL Injection.
Someone can drop your known tables and even your whole database. For example, suppose you have a select SQL command for searching for a product.
Search: food
select productName, productPrice from productTables where productName like '%food%';
After SQL injection,
Search: food'; drop table user; --
select productName, productPrice from productTables where productName like '%food'; drop table user; --%';
Protection:
  • For the password issue, we need to store the user password in the database as an md5 hash, and convert the password the user enters to the same format before matching it against the database. So, for Use Case #1, the injected SQL is also converted to an md5 hash before it is matched against the database.
md5("1234' or 1; --");
  • PHP has a function named mysql_real_escape_string() to prevent hacking. It places a backslash before any special character it finds. For example,
mysql_real_escape_string("1234' or 1; --");
returns
1234\' or 1; --
and the SQL command becomes
select userID from userTable where userName='admin' and userPass='1234\' or 1; --';
** userPass has no closing single quotation mark, so it generates an SQL error, but it prevents the hack.
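
The login query from Use Case #1 built by string concatenation, next to the same query as a prepared statement, as an added example that is not part of the original post. Because the mysql_* functions were removed in PHP 7.0, it assumes PDO, with an in-memory SQLite database so it runs offline; the function names loginConcatenated and loginPrepared are hypothetical.

```php
<?php
// Added example: assumes PDO with the SQLite driver so it runs offline.
// Table and column names follow the post; the row is constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("create table userTable (userID integer primary key, userName text, userPass text)");
// The password is stored as in Use Case #1 so that only query construction differs.
$db->exec("insert into userTable (userName, userPass) values ('admin', 'admin')");

// Vulnerable: user input is pasted into the SQL text, as in Use Case #1.
function loginConcatenated(PDO $db, string $user, string $pass): ?int
{
    $sql = "select userID from userTable where userName='$user' and userPass='$pass'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ? (int) $row['userID'] : null;
}

// Hardened: the SQL text is fixed and the input is bound as data, so a quote
// in the password can never end the string literal or add SQL keywords.
function loginPrepared(PDO $db, string $user, string $pass): ?int
{
    $stmt = $db->prepare('select userID from userTable where userName = ? and userPass = ?');
    $stmt->execute([$user, $pass]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ? (int) $row['userID'] : null;
}

$injected = "1234' or 1; --";   // the password value from Use Case #1

var_dump(loginConcatenated($db, 'admin', 'admin'));    // correct password
var_dump(loginConcatenated($db, 'admin', $injected));  // wrong password, injected
var_dump(loginPrepared($db, 'admin', 'admin'));        // correct password
var_dump(loginPrepared($db, 'admin', $injected));      // wrong password, injected
```

The concatenated version returns a userID for the injected password, while the prepared version returns NULL for it and still accepts the correct password.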
