Go4Expert


ravi951 18Aug2011 17:23

sql injections
 
Hi all,
I have done a simple login form with username="admin" and password="admin123".
I am checking for SQL injections. I have given "mysql_real_escape_string"
for both the username and password fields.
But still it is not working...
If I give the username as "admin --" and click the submit button (not giving a password either), it takes me to the next page...
Tell me what's wrong in my code below...
Code:

<?php
session_start();
mysql_connect("localhost","root","");
mysql_select_db("test");
if(isset($_POST['sub']))
{
    // Escape both submitted fields
    $username=mysql_real_escape_string($_POST['txtuname']);
    $password=mysql_real_escape_string($_POST['txtpwd']);
    // Look the account up by username only
    $check=mysql_query("SELECT DISTINCT `username`,`password` FROM `log` WHERE `username`='$username'") or die("Error: " . mysql_error());
    // $output is assigned only when the query returns a row
    while($find = mysql_fetch_array($check))
    {
        list($username,$output) = $find;
    }
    // Loose comparison of the submitted password with the stored one
    if($password==$output)
    {
        $_SESSION['si']=session_id();
        echo "<script> location='view1.php'</script>";
    }
    else
        echo "invalid";
}
?>
<table width="200" height="150" bgcolor="lightblue" border="1" align="center">
<tr><td style="font-size:25;color:red" align="center" colspan="2">Login Form </td></tr>
<form method="post" action="">
<tr><td align="right" width="100">
Username:</td><td><input type="text" name="txtuname"> </td></tr>
<tr><td align="right" width="100">
Password:</td><td><input type="password" name="txtpwd"> </td></tr>
<tr><td align="right" width="100">
<input type="submit" value="login" name="sub"> </td></tr>
</form>
</table>


pein87 20Aug2011 09:33

Re: sql injections
 
Your query is wrong and you're not properly adding the variable.
PHP Code:

$Q = mysql_query("SELECT username,password From log WHERE username='". $username ."' AND password='". $password ."'");
if($Q != false)
{
//do something here
}
else
{
//do something here
}

The query checks to see if the values match values that exist, and if not it will return false and the if statement will come into play and handle the rest from there.

Code: JavaScript

<script type="text/javascript">window.location="view1.php";</script>


This is how you create a redirect using JavaScript.

If you want to protect against injections you need to validate the data being sent to the script. You can test if it's a number, string, float, date, color, binary, email, etc. with your own functions.

Also, why are you using a while loop when the returned data should be an array that is one-dimensional and not multi? Wasting resources with that.

Webdeveloper 20Aug2011 17:23

Re: sql injections
 
Hi,

You have not put any client-side check to make both username and password mandatory fields, and in your query you are just checking the username and have not included the password in the where clause.

Cheers,

~Maneet
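
Added example, not part of the thread or any poster's code: the first function reproduces the control flow of the posted check, where no row matches "admin --", `$output` is never assigned, and the empty password compares equal to it under `==`; the second is one hardened form. It assumes PHP 7+ with pdo_sqlite, and the in-memory table, the `password_hash` column and both function names are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7+ with pdo_sqlite;
// the in-memory table and its one row are constructed stand-ins for `log`.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE log (username TEXT PRIMARY KEY, password TEXT, password_hash TEXT)');
$db->prepare('INSERT INTO log VALUES (?, ?, ?)')
   ->execute(['admin', 'admin123', password_hash('admin123', PASSWORD_DEFAULT)]);

// Same control flow as the posted check: $output is set only inside the
// fetch loop, then compared with the loose == operator.
function login_as_posted(PDO $db, $username, $password)
{
    $stmt = $db->prepare('SELECT username, password FROM log WHERE username = ?');
    $stmt->execute([$username]);
    $output = null; // stands for the variable the posted code leaves unset
    while ($find = $stmt->fetch(PDO::FETCH_NUM)) {
        list($username, $output) = $find;
    }
    return $password == $output; // '' == null evaluates to true
}

// Hardened check: bound parameter, explicit "no such user" branch,
// and password_verify() against a stored hash instead of ==.
function login_hardened(PDO $db, $username, $password)
{
    if (!is_string($username) || !is_string($password) || $password === '') {
        return false;
    }
    $stmt = $db->prepare('SELECT password_hash FROM log WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        return false; // unknown user: reject rather than fall through
    }
    return password_verify($password, $hash);
}

// Constructed test inputs: valid login, wrong password, unknown user with empty password
$cases = [['admin', 'admin123'], ['admin', 'wrong'], ['admin --', '']];
foreach ($cases as list($u, $p)) {
    printf("%-10s %-10s posted=%s hardened=%s\n", json_encode($u), json_encode($p),
        var_export(login_as_posted($db, $u, $p), true),
        var_export(login_hardened($db, $u, $p), true));
}
```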

