supermoose37

hmmmm, back to square one again

throws up an error Warning: mysql_query() expects parameter 1 to be string, resource given in /Applications/XAMPP/xamppfiles/htdocs/web_app_v4/login_success.php on line 13 Is the variable 'uname' definitely being passed from LOG.PHP to LOGIN_SUCCESS.PHP

Well I went with the second option and added echo data; on the next line. But it's just returning Resource id #4, and the table remains empty. UPDATED LOGIN_SUCCESS.PHP <?php include_once "Common/header.php"; $connect=mysql_connect("localhost", "root", "")or die ("Could not connect to database"); mysql_select_db("test",$connect) or die (mysql_errno().":<b> ".mysql_error()."</b>"); $user1=$_SESSION['uname']; $data = mysql_query("SELECT * FROM Users WHERE Username ='$user1' ") or die(mysql_error()); echo $data; Print "<table border cellpadding=3>"; Print "<tr>"; Print "<th>First Name:</th> <td>".$data['First_Name'] . "</td> "; Print "<th>Last:</th> <td>".$info['Last_Name'] . " </td></tr>"; Print "</table>"; ?> Login Successful <?php include_once "Common/footer.php"; ?> Thanks for your help so far BTW.

Well I already have $_SESSION['uname'] = $_POST['uname']; in LOG.PHP So am I right in thinking I can put $data = mysql_query("SELECT * FROM Users WHERE Username ='."$_SESSION['uname']."'") or die(mysql_error()); into LOGIN_SUCCESS.PHP

Right, so I've made a very simple web app that allows.... 1.) People to register (adding them to the MySQL database) 2.) Login (providing they're in the database) I've gotten it all working, but I'm stuck at the last hurdle. If someone logs in using the correct username and password, it takes them to login_success.php. Here I query the database and use "SELECT * FROM Users WHERE Username = '$name'" I would have thought, that it would have returned that user's entry in the database. But instead I just get a blank page. Am I right in thinking that's because the contents of the $name variable aren't passed from log.php to login_success.php If so, how do I fix it? ---------------------------------------------------------------------------------------------------- LOGIN.PHP <?php include_once "Common/header.php"; session_name("MyLogin"); $page = (isset($_GET['login']) ? strtolower($_GET['login']) : NULL); if($page == "failed"){ print $_GET['cause']; } ?> <div id="main"> <br /> &nbsp <br />&nbsp <br /> <h2>Sign In</h2> &nbsp <form name="form1" method="post" action="log.php?action=login"> <b>Username:</b> &nbsp<input type="text" name="uname"/><br />&nbsp <br /> <b>Password:</b>&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp <input type="password" name="pword" /><br />&nbsp <br /> <input type="submit" value="submit" /> </form> <?php include_once "Common/footer.php"; ?> LOG.PHP <?php session_name("MyLogin"); session_start(); if($_GET['action'] == "login") { $conn = mysql_connect("localhost", "root", ""); $db = mysql_select_db("test"); $name = ($_POST['uname']); $word = ($_POST['pword']); $sql = "SELECT * FROM Users WHERE Username='$name' and Password='$word'"; $q_user = mysql_query($sql) or die(mysql_error() . ' <br /> in ' . $sql); if(mysql_num_rows($q_user) == 1){ $_SESSION['uname'] = $_POST['uname']; header("Location: login_success.php"); exit; } else{ header("Location: login.php?login=failed&cause=".urlencode('Invalid Username or Password')); exit; } } else{ header("Location: login.php?login=failed&cause=".urlencode('Invalid User')); exit; } if(session_is_registered("name") == false) { header("Location: login.php"); } ?> LOGIN_SUCCESS.PHP <?php include_once "Common/header.php"; $connect=mysql_connect("localhost", "root", "")or die ("Could not connect to database"); $data = mysql_query("SELECT * FROM Users WHERE Username ='$name'") or die(mysql_error()); Print "<table border cellpadding=3>"; while($info = mysql_fetch_array( $data )) { Print "<tr>"; Print "<th>First Name:</th> <td>".$info['First_Name'] . "</td> "; Print "<th>Last:</th> <td>".$info['Last_Name'] . " </td></tr>"; } Print "</table>"; ?> Login Successful <?php include_once "Common/footer.php"; ?>

Can someone provide me with a good SQL Injection. I've built my own web app to demonstrate the dangers of SQL Injections and how a hacker can use them to view the underlying SQL tables. Thing is, I've tried various different injections such as ' or 1=1--, but they all fail. Meaning, it just displays the routine "Invalid User" error message. What exactly would a hacker use/do to gain access to the MySQL database. [attachment deleted by admin]

Someone elsewhere suggested "addslashes". This has indeed fixed the error. But am now having a problem getting SQL injections to work. Will start a new thread regarding my problem with the Injections in the relevant section.

I need to somehow get rid of that final ' I know that because when I put SELECT * FROM USERS WHERE Username='' or 1=1--' into phpMyAdmin, it returns the full user table. Now, I was under the impression that putting -- allowed MySQL to ignore anything after it. (ie the final ')

So here's the deal. I've created a very basic web application in order to show the effects of SQL injections. I plugged ' or 1=1-- into the username field, left the password blank and got the following You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1 in SELECT * FROM USERS WHERE Username='' or 1=1--' <?php session_name("MyLogin"); session_start(); if($_GET['action'] == "login") { $conn = mysql_connect("localhost", "root", ""); $db = mysql_select_db("test"); $name = $_POST['uname']; $sql = "SELECT * FROM USERS WHERE Username='$name'"; $q_user = mysql_query($sql) or die(mysql_error() . ' <br /> in ' . $sql); if(mysql_num_rows($q_user) == 1){ $data = mysql_fetch_array($q_user); if($_POST['pword'] == $data['Password']){ header("Location: login_success.php"); exit; }else{ header("Location: login.php?login=failed&cause=".urlencode('Wrong Password')); exit; } }else{ header("Location: login.php?login=failed&cause=".urlencode('Invalid User')); exit; } } if(session_is_registered("name") == false) { header("Location: login.php"); } ?>