
sql injections

Discussion in 'PHP' started by ravi951, Aug 18, 2011.

  1. ravi951

    Hi all,
    I have made a simple login form with username="admin" and password="admin123".
    I am checking for SQL injections. I have applied "mysql_real_escape_string"
    to both the username and password fields,
    but it is still not working.
    If I give the username as "admin --" and click the submit button (without giving a password), it takes me to the next page.
    Tell me what's wrong in my code below.
    Code:
    <?php
    session_start();
    mysql_connect("localhost", "root", "");
    mysql_select_db("test");
    if (isset($_POST['sub']))
    {
        // Escape both submitted fields before they are used
        $username = mysql_real_escape_string($_POST['txtuname']);
        $password = mysql_real_escape_string($_POST['txtpwd']);
        // Look up the stored password for the submitted username
        $check = mysql_query("SELECT DISTINCT `username`,`password` FROM `log` WHERE `username`='$username'") or die("Error: " . mysql_error());
        while ($find = mysql_fetch_array($check))
        {
            list($username, $output) = $find;
        }
        // Compare the submitted password with the stored one
        if ($password == $output)
        {
            $_SESSION['si'] = session_id();
            echo "<script> location='view1.php'</script>";
        }
        else
            echo "invalid";
    }
    ?>
    <table width="200" height="150" bgcolor="lightblue" border="1" align="center">
    <tr><td style="font-size:25;color:red" align="center" colspan="2">Login Form </td></tr>
    <form method="post" action="">
    <tr><td align="right" width="100">
    Username:</td><td><input type="text" name="txtuname"></td></tr>
    <tr><td align="right" width="100">
    Password:</td><td><input type="password" name="txtpwd"></td></tr>
    <tr><td align="right" width="100">
    <input type="submit" value="login" name="sub"></td></tr>
    </form>
    </table>
    
     
  2. pein87

    Your query is wrong and you're not properly adding the variable.
    PHP:
    $Q = mysql_query("SELECT username,password FROM log WHERE username='" . $username . "' AND password='" . $password . "'");
    if ($Q != false)
    {
        //do something here
    }
    else
    {
        //do something here
    }
    The query checks to see if the values match values that exist, and if not it will return false and the if statement will come into play and handle the rest from there.

    Code:
    <script type="text/javascript">window.location="view1.php";</script>
    This is how you create a redirect using JavaScript.

    If you want to protect against injections you need to validate the data being sent to the script. You can test if it's a number, string, float, date, color, binary, email etc. with your own functions.

    Also, why are you using a while loop when the return data should be an array that is one-dimensional and not multi? Wasting resources with that.
     
    Last edited: Aug 20, 2011
  3. Webdeveloper

    Hi,

    You have not put any client-side check to make both username and password mandatory fields, and in your query you are just checking the username and have not included the password in the WHERE clause.

    Cheers,

    ~Maneet
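
Added example, not part of any post in the thread: in the login code as posted, a username that matches no row leaves `$output` unassigned, and PHP's loose `==` treats an empty submitted password as equal to null, so the check passes without any SQL injection taking place. The sketch below reproduces that control flow next to a hardened version. Assumptions: PDO with an in-memory SQLite table stands in for the MySQL `log` table, the `pw_hash` column and both function names are hypothetical, and all data is constructed.

```php
<?php
// Added example, not code from the thread. All data below is constructed.
// Assumption: pdo_sqlite is enabled; an in-memory table stands in for MySQL `log`.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE log (username TEXT PRIMARY KEY, password TEXT, pw_hash TEXT)');
$db->prepare('INSERT INTO log VALUES (?, ?, ?)')
   ->execute(['admin', 'admin123', password_hash('admin123', PASSWORD_DEFAULT)]);

// Mirrors the posted control flow: $output is assigned only if a row comes back.
function login_as_posted(PDO $db, string $username, string $password): bool
{
    $check = $db->prepare('SELECT username, password FROM log WHERE username = ?');
    $check->execute([$username]);
    $output = null;                      // stands in for the never-assigned variable
    while ($find = $check->fetch(PDO::FETCH_NUM)) {
        list($username, $output) = $find;
    }
    return $password == $output;         // "" == null evaluates to true
}

// Hardened: bound parameter, explicit "no such user" branch, hash verification.
function login_hardened(PDO $db, string $username, string $password): bool
{
    if ($username === '' || $password === '') {
        return false;                    // server-side required-field check
    }
    $stmt = $db->prepare('SELECT pw_hash FROM log WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();        // false when no row matches
    if ($hash === false) {
        return false;
    }
    return password_verify($password, $hash);
}

// Constructed inputs: the thread's "admin --" with empty password, then real logins.
$cases = [['admin --', ''], ['admin', 'admin123'], ['admin', 'wrong']];
foreach ($cases as [$u, $p]) {
    printf("%-10s %-10s posted=%s hardened=%s\n",
        var_export($u, true), var_export($p, true),
        var_export(login_as_posted($db, $u, $p), true),
        var_export(login_hardened($db, $u, $p), true));
}
```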
     
