sql injections

ravi951 (Go4Expert Member, Join Date: Aug 2011):
Hi all,
I have done a simple login form with username="admin" and password="admin123".
I am checking for SQL injections. I have given "mysql_real_escape_string"
for both the username and password fields,
but still it is not working.
If I give the username as "admin --" and click the submit button (not giving the password either), it takes me to the next page.
Tell me what's wrong in my code below.
Code:
<?php
session_start();
mysql_connect("localhost","root","");
mysql_select_db("test");
if(isset($_POST['sub']))
{
    // Escape both inputs before they are placed in the query string
    $username=mysql_real_escape_string($_POST['txtuname']);
    $password=mysql_real_escape_string($_POST['txtpwd']);
    // Only the username is part of the WHERE clause; the password is compared in PHP below
    $check=mysql_query("SELECT DISTINCT `username`,`password` FROM `log` WHERE `username`='$username'") or die("Error: " . mysql_error());
    while($find = mysql_fetch_array($check))
    {
        list($username,$output) = $find;
    }
    // $output is only assigned when a row matched the username
    if($password==$output)
    {
        $_SESSION['si']=session_id();
        echo "<script> location='view1.php'</script>";
    }
    else
        echo "invalid";
}
?>
<form method="post" action="">
<table width="200" height="150" bgcolor="lightblue" border="1" align="center">
<tr><td style="font-size:25px;color:red" align="center" colspan="2">Login Form </td></tr>
<tr><td align="right" width="100">
Username:</td><td><input type="text" name="txtuname"></td></tr>
<tr><td align="right" width="100">
Password:</td><td><input type="password" name="txtpwd"></td></tr>
<tr><td align="right" width="100">
<input type="submit" value="login" name="sub"></td></tr>
</table>
</form>
pein87 (Ambitious contributor):
Your query is wrong and you're not properly adding the variable.
PHP Code:
// Build the query with both fields; mysql_query() returns false when the query fails
$Q = mysql_query("SELECT username,password FROM log WHERE username='" . $username . "' AND password='" . $password . "'");
if ($Q != false)
{
    //do something here
}
else
{
    //do something here
}

The query checks to see if the values match values that exist, and if not it will return false, and the if statement will come into play and handle the rest from there.

Code: JavaScript
<script type="text/javascript">window.location="view1.php";</script>

This is how you create a redirect using JavaScript.

If you want to protect against injections, you need to validate the data being sent to the script. You can test if it's a number, string, float, date, colour, binary, email, etc. with your own functions.

Also, why are you using a while loop when the returned data should be a one-dimensional array and not multi-dimensional? That is wasting resources.

Last edited by pein87; 20 Aug 2011 at 09:36.
Webdeveloper (Go4Expert Member, Join Date: Jun 2011):
Hi,

You have not put in any client-side check to make both username and password mandatory fields, and in your query you are just checking the username and have not included the password in the WHERE clause.

Cheers,

~Maneet
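The three behaviours discussed in this thread (the original post's username-only lookup, the second reply's concatenated query with a password clause, and the last reply's point about mandatory fields) side by side, as an added example that is not code from any of the posters. It runs stand-alone against an in-memory SQLite database through PDO; it assumes PHP 7.4+ with the pdo_sqlite extension, and the `log` and `log_hashed` tables, their rows and the test inputs are constructed here, with `log` mirroring the poster's plaintext table.

```php
<?php
// Added example, not code from any post in this thread. Assumes PHP 7.4+ with the
// pdo_sqlite extension; the tables, rows and test inputs are constructed here.
declare(strict_types=1);

function makeDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // `log` mirrors the poster's table: plaintext password, as in the thread.
    $db->exec('CREATE TABLE log (username TEXT PRIMARY KEY, password TEXT NOT NULL)');
    $db->exec("INSERT INTO log VALUES ('admin', 'admin123')");
    // `log_hashed` is a constructed table the hardened version reads from.
    $db->exec('CREATE TABLE log_hashed (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
    $ins = $db->prepare('INSERT INTO log_hashed VALUES (?, ?)');
    $ins->execute(['admin', password_hash('admin123', PASSWORD_DEFAULT)]);
    return $db;
}

// 1. The poster's logic: select by username only, then compare the password in PHP.
//    The query itself is safe here (bound parameter), yet the login still passes for
//    "admin --" with an empty password: no row matches, $output stays null, and
//    PHP's loose comparison treats "" == null as true. Any unknown username works.
function originalLogic(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT username, password FROM log WHERE username = ?');
    $stmt->execute([$username]);
    $output = null;
    while ($row = $stmt->fetch(PDO::FETCH_NUM)) {
        [$username, $output] = $row;
    }
    return $password == $output;   // loose ==: the actual bug in the thread's code
}

// 2. The concatenated query shape from the second reply, with no escaping at all.
//    This is a real injection: "admin' --" closes the quote and comments out the
//    password check (SQLite and MySQL both treat "--" as a line comment). Note that
//    the poster's "admin --" (no quote) does NOT inject here.
function concatenatedLogin(PDO $db, string $username, string $password): bool
{
    $sql = "SELECT username FROM log WHERE username='$username' AND password='$password'";
    return count($db->query($sql)->fetchAll()) === 1;
}

// 3. Hardened: server-side mandatory fields, bound parameters, hashed storage with
//    password_verify(), strict comparisons, and the same "false" for an unknown
//    user and for a wrong password.
function hardenedLogin(PDO $db, string $username, string $password): bool
{
    if ($username === '' || $password === '') {
        return false;
    }
    $stmt = $db->prepare('SELECT password_hash FROM log_hashed WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        return false;   // no such user
    }
    return password_verify($password, (string) $hash);
}

$db = makeDb();
$cases = [
    ['admin',     'admin123'],   // legitimate login
    ['admin --',  ''],           // the poster's test input
    ["admin' --", ''],           // a genuine SQL injection payload
    ['admin',     'wrong'],      // wrong password
];
$show = fn(bool $ok): string => $ok ? 'LOGIN' : 'denied';
printf("%-12s %-10s %-9s %-13s %s\n", 'username', 'password', 'original', 'concatenated', 'hardened');
foreach ($cases as [$u, $p]) {
    printf("%-12s %-10s %-9s %-13s %s\n", $u, $p,
        $show(originalLogic($db, $u, $p)),
        $show(concatenatedLogin($db, $u, $p)),
        $show(hardenedLogin($db, $u, $p)));
}
```

Run it with `php example.php`. The original logic grants the login for "admin --" and for "admin' --" with an empty password, which is why escaping made no difference for the poster: the bypass is the loose `==` against an unset `$output`, not the query. The concatenated query denies "admin --" but is opened up by "admin' --", which is the injection the escaping was meant to stop. The hardened version denies every case except the real credentials, because the username is bound rather than spliced into the SQL, the password is checked with `password_verify()` against a stored hash instead of compared with `==`, and an empty field is rejected before any query runs.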