SQL Injections in PHP

General discussion on PHP
Post Reply
sand9364
Posts: 1
Joined: Tue May 16, 2017 6:05 pm
Contact:

SQL Injections in PHP

Post by sand9364 » Tue May 16, 2017 6:07 pm

Can Anybody List out some SQL injections queries to inject in a Php website which is vulnerable.

jess9156
Posts: 1
Joined: Fri Oct 20, 2017 7:56 am
Contact:

Re: SQL Injections in PHP

Post by jess9156 » Fri Oct 20, 2017 8:05 am

here are some of the SQL injection queries that will be useful for you.

SQL Injection Based on 1=1 is Always True
SELECT * FROM Users WHERE UserId = 105 OR 1=1;
SELECT UserId, Name, Password FROM Users WHERE UserId = 105 or 1=1;

SQL Injection Based on ""="" is Always True
uName = getRequestString("username");
uPass = getRequestString("userpassword");

sql = 'SELECT * FROM Users WHERE Name ="' + uName + '" AND Pass ="' + uPass + '"'

SQL Injection Based on Batched SQL Statements
txtUserId = getRequestString("UserId");
txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;

arse4356
Posts: 3
Joined: Mon Dec 11, 2017 3:08 pm

Re: SQL Injections in PHP

Post by arse4356 » Mon Dec 11, 2017 3:20 pm

PHP is a server-side scripting language designed for web development but also used as a general-purpose programming language. Originally created by Rasmus Lerdorf in 1994, the PHP reference implementation is now produced by The PHP Group.

andr8558
Posts: 19
Joined: Thu Jan 11, 2018 5:45 pm

Re: SQL Injections in PHP

Post by andr8558 » Mon Jan 22, 2018 10:38 am

You should always be careful when dealing with PHP or any other languages because security is the number one factor!

dani2295
Posts: 1
Joined: Wed Apr 11, 2018 8:19 am
Contact:

Re: SQL Injections in PHP

Post by dani2295 » Wed Apr 11, 2018 8:25 am

SQL injection is a code injection technique that might destroy your database. SQL injection is one of the most common web hacking techniques. SQL injection is the placement of malicious code in SQL statements, via web page input.

step7884
Posts: 2
Joined: Wed Apr 11, 2018 2:17 am
Contact:

Re: SQL Injections in PHP

Post by step7884 » Thu Apr 19, 2018 5:43 pm

Isn't this just a matter of sanitizing the inputs though in most cases? To not allow for cases like this? I mean, I'm a PHP newbie, but I thought it was fairly straightforward to avoid things like this.

Post Reply