SQL Injections in PHP

General discussion on PHP

SQL Injections in PHP

Postby sand9364 on Tue May 16, 2017 6:07 pm

Can Anybody List out some SQL injections queries to inject in a Php website which is vulnerable.
sand9364
 
Posts: 1
Joined: Tue May 16, 2017 6:05 pm

Re: SQL Injections in PHP

Postby jess9156 on Fri Oct 20, 2017 8:05 am

here are some of the SQL injection queries that will be useful for you.

SQL Injection Based on 1=1 is Always True
SELECT * FROM Users WHERE UserId = 105 OR 1=1;
SELECT UserId, Name, Password FROM Users WHERE UserId = 105 or 1=1;

SQL Injection Based on ""="" is Always True
uName = getRequestString("username");
uPass = getRequestString("userpassword");

sql = 'SELECT * FROM Users WHERE Name ="' + uName + '" AND Pass ="' + uPass + '"'

SQL Injection Based on Batched SQL Statements
txtUserId = getRequestString("UserId");
txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;
jess9156
 
Posts: 1
Joined: Fri Oct 20, 2017 7:56 am

Re: SQL Injections in PHP

Postby arse4356 on Mon Dec 11, 2017 3:20 pm

PHP is a server-side scripting language designed for web development but also used as a general-purpose programming language. Originally created by Rasmus Lerdorf in 1994, the PHP reference implementation is now produced by The PHP Group.
arse4356
 
Posts: 3
Joined: Mon Dec 11, 2017 3:08 pm

Re: SQL Injections in PHP

Postby andr8558 on Mon Jan 22, 2018 10:38 am

You should always be careful when dealing with PHP or any other languages because security is the number one factor!
andr8558
 
Posts: 22
Joined: Thu Jan 11, 2018 5:45 pm

Re: SQL Injections in PHP

Postby dani2295 on Wed Apr 11, 2018 8:25 am

SQL injection is a code injection technique that might destroy your database. SQL injection is one of the most common web hacking techniques. SQL injection is the placement of malicious code in SQL statements, via web page input.
dani2295
 
Posts: 1
Joined: Wed Apr 11, 2018 8:19 am

Re: SQL Injections in PHP

Postby step7884 on Thu Apr 19, 2018 5:43 pm

Isn't this just a matter of sanitizing the inputs though in most cases? To not allow for cases like this? I mean, I'm a PHP newbie, but I thought it was fairly straightforward to avoid things like this.
step7884
 
Posts: 3
Joined: Wed Apr 11, 2018 2:17 am


Return to PHP

Who is online

Users browsing this forum: No registered users and 3 guests