How Basic SQL injections can be prevented: A must for website Administrators
The basic attack is login form bypassing, which has already been discussed in the previous post. In this type of SQLi we inject queries like 1'OR'1'='1 etc. in the username and password fields.
The code used in these types of websites can be easily bypassed through the above-said queries. Apart from this, the user can also delete the database by executing "' drop table database; --".
Below is the code, which permits the said queries:
If you have this type of code, then you have to be careful and take some suggestions from Bull's Eye.
Now, what does Bull's Eye say about this:
Bull's Eye: You will have to use mysql_real_escape_string in the PHP code.
Here is the php code.
Download the php code below.
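The login bypass described above and its fix, as an added example that is not the post's own code: it uses PDO prepared statements rather than the mysql_real_escape_string call the post recommends, because the mysql_* functions were removed in PHP 7.0. The in-memory SQLite table, the user alice and the function names are constructed for illustration and assume the pdo_sqlite extension is enabled.

```php
<?php
// Constructed sample data in an in-memory SQLite database (assumption: pdo_sqlite).
// The plaintext "password" column exists only so the vulnerable query can be shown.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, pw_hash TEXT)');
$pdo->prepare('INSERT INTO users VALUES (?, ?, ?)')
    ->execute(['alice', 's3cret', password_hash('s3cret', PASSWORD_DEFAULT)]);

// Vulnerable pattern: user input is concatenated into the SQL text,
// so quote characters in the input change the structure of the query.
function loginVulnerable(PDO $pdo, string $user, string $pass): bool
{
    $sql = "SELECT username FROM users WHERE username = '$user' AND password = '$pass'";
    return $pdo->query($sql)->fetch() !== false;
}

// Hardened pattern: the SQL text is fixed and the input is bound as data,
// so a quote in the input is just a character in the value being compared.
function loginPrepared(PDO $pdo, string $user, string $pass): bool
{
    $stmt = $pdo->prepare('SELECT pw_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $hash = $stmt->fetchColumn();           // false when no such user exists
    return $hash !== false && password_verify($pass, $hash);
}

$payload = "1'OR'1'='1";                    // the input quoted in the post
$cases = [
    ['alice', 's3cret'],                    // valid credentials
    ['alice', 'wrong'],                     // wrong password
    [$payload, $payload],                   // injection attempt in both fields
];
foreach ($cases as [$u, $p]) {
    printf("%-12s %-12s vulnerable=%-5s prepared=%s\n", $u, $p,
        var_export(loginVulnerable($pdo, $u, $p), true),
        var_export(loginPrepared($pdo, $u, $p), true));
}
```

The two functions should agree on the first two cases and differ only on the third, which is the quickest way to confirm that a login handler no longer treats input as SQL.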
Please share the article so that more people can benefit.
Thanks a lot
Thanks a lot, bro!