-

Now i discuss about SQL injection--

Note: #1. For guys who don't have any introduction to sql don't read this blog and go to this link.
         #2.  If you have a little intro to sql then this blog is for you .

SQL Injection is Nothing, It is just a tricky queries.....

Explaination With Examples-

   Suppose i  have a database named  'examples' and it has a table named 'user', witch have two column with name 'user' and 'password'.
below pic will describe this...
Now i integrate this with php to query in this table-$value=$_POST['input_form_value']; //this is input value from a form$sql='SELECT password FROM user WHERE user='$value'";after this i query like this-$result=mysqli_query($myslqli_info,$sql);

NOW TRICKY QUERY -In input form just input  

' OR 1=1--'this will blow the query and gives you any password that you want.  HOW IT WORKS--our sql statements was-$sql='SELECT password FROM user WHERE user='$value'";and our input value was' OR 1=1--'now mix these two statements$sql='SELECT password FROM user where user='' OR 1=1--'now this sql query is diffrent from that we simpl maded because 1=1 codition is always true and -- tell query that all the statements after -- will be commentHOW TO DEFUSE Sql Injection in PHP--JUST USE addslashes() function ,,to input values


IN other Languages just google about same function of php ......                    now thanks and take care of your applications.After learning this result will be explosive like this
 











Comments

Post a Comment

Popular posts from this blog

ciphers continued--Vegerne Cipher and its application in php

-
Image
> 2.Vegerne Cipher- The Vigenère cipher is a method of encrypting alphabetic text by using a series of different Caesar ciphers based on the letters of a keyword. It is a simple form of polyalphabetic substitution. The Vigenère cipher has been reinvented many times. lets look at the image for vegerne ciphers  logic now i will make a function for encription by logic of vegerne cipher function vegerne_cipher($str,$str_passwd) { if(preg_match("/[^a-zA-Z]/", $str_passwd)) { return null; } else { $str_password=strtolower($str_passwd); $pass_arr=array(); $pass_arr_num=array(); $alpha=array('a'=>'1','b'=>'2','c'=>'3','d'=>'4','e'=>'5','f'=>'6','g'=>'7','h'=>'8','i'=>'9','j'=>'10','k'=>'11','l'=>'12','m'=...
Read more

Message Sending API (Unofficial) for Way2SMS [ PHP ]

-
Recently I looked through the website http://site24.way2sms.com/content/index.html  and mapped the parameter which were used used in get and post forms. By using the Curl library i was able to send messages through Command Line  for free . For mapping the get and post parameters , I used Developer Tools in Chrome . Below i'm sharing the snippets of my php library for way2sms  so that anyone could be able to send messages on mobile by using this easy to use API. Dependency : Account on Way2SMS Website <?php /** * Created by H$[Hitesh Saini] */ class Way2Sms { //user name of Way2Sms service public static $username ; // password of Way2Sms service public static $password ; //token public static $token; function __construct ($user , $pass) { Way2Sms :: $username = $user; Way2Sms :: $password = $pass; } function init () { $postData = '' ; $url = "http://site24.way2sms.com/Login1.action...
Read more

Working with Frameworks of PHP- The MVC structure

-
Image
To work with frameworks of PHP first we have to learn what exactly is the MVC structure and how it works.. MVC is the acronym of Model View Controller.its means it has three main parts .. 1.Model             2.View              3.Controller       Lets see working flowchart of  MVC Structure . MODEL : Models are the place where main logic and codes for manipulating the database are kept ... thus its the main part of any MVC application VIEW : view is place or directory where codes or templates to interact with users are put..     CONTROLLER : controllers are the place or directory where codes to control over data given by user, are put.. Many frameworks of php are available in the market in paid or free of cost.. But now I am starting with CodeIgniter  because it is easy for beginners and you will laern it with no efforts just in first attempt.. First you need to download ...
Read more