Voodoo Jai, posted August 10, 2008

I have been reading that creating a "view" query statement that selects data from a table should be more secure than using the "select" version of the query. Is it right that using a "view" query statement will only read the data from the select query statement, because it has been pre-assigned and therefore cannot be altered by SQL injection?

I don't understand how SQL injection works. Is it editing the URL in the bar at the top of the browser to try and extract info from the DB or hack into it? If the user is set to just read the DB then surely no harm could be done, e.g. DELETE.

I have been reading about addslashes() and mysql_escape_string(). Does this protect the data sent to the DB via GET/POST? How else can protection be achieved?

Sorry if this all sounds messy.
RichardRotterdam, posted August 10, 2008

You use a view and a select for different purposes; it's not that you can substitute a select for a view.

The mysql_real_escape_string() function is used so others can't manipulate your select for SQL injection. For example, if someone uses the parameters in a GET for SQL injections:

mypage.php?name=bill' union select all from users

$name = $_GET['name']; // contains [bill' union select all from users]
$sql = "select email from users where name='" . $name . "'";

The query will now look like:

select email from users where name='bill' union select all from users'

This way someone can hack your database and retrieve valuable data. mysql_real_escape_string() prevents this from happening by filtering potentially dangerous values.
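As an added example (not code from this thread), here is the concatenated query from the post above placed beside a PDO prepared statement, run against a constructed in-memory SQLite table so it executes stand-alone; the payload is a variant of the post's with a column count that matches so the UNION actually runs, which makes the difference between the two lookups visible.

```php
<?php
// Added example, not from the thread: the concatenated lookup from the post
// beside a prepared-statement version. The table and rows are constructed here
// in an in-memory SQLite database purely for demonstration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (name TEXT, email TEXT, password TEXT)");
$db->exec("INSERT INTO users VALUES ('bill', 'bill@example.com', 'secret1'),
                                    ('alice', 'alice@example.com', 'secret2')");

// Input in the shape the post describes: closes the quoted string, then appends a UNION
// whose SELECT returns the same number of columns as the original query.
$name = "bill' UNION SELECT password FROM users WHERE '1'='1";

// Vulnerable: the value is glued into the SQL text, so its quote and UNION
// become part of the statement the database parses.
function lookupUnsafe(PDO $db, string $name): array {
    $sql = "SELECT email FROM users WHERE name='" . $name . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Fixed: a prepared statement ships the value separately from the SQL text,
// so it is only ever compared as a name and never parsed as SQL.
function lookupSafe(PDO $db, string $name): array {
    $stmt = $db->prepare("SELECT email FROM users WHERE name = ?");
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

print_r(lookupUnsafe($db, $name)); // bill's email followed by every password in the table
print_r(lookupSafe($db, $name));   // empty array: no user has that literal name
```

Note that a read-only database account limits what a DELETE could do but, as the unsafe lookup shows, does nothing to stop a SELECT-based injection from reading columns the page never meant to expose.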
Voodoo Jai (author), posted August 10, 2008

So would the

Quoting RichardRotterdam:

You use a view and a select for different purposes; it's not that you can substitute a select for a view.

The mysql_real_escape_string() function is used so others can't manipulate your select for SQL injection. For example, if someone uses the parameters in a GET for SQL injections:

mypage.php?name=bill' union select all from users

$name = $_GET['name']; // contains [bill' union select all from users]
$sql = "select email from users where name='" . $name . "'";

The query will now look like:

select email from users where name='bill' union select all from users'

This way someone can hack your database and retrieve valuable data. mysql_real_escape_string() prevents this from happening by filtering potentially dangerous values.

So if a hacker queries the DB with mypage.php?name=bill' and then gets no result, would he then use mypage.php?name=bill' union select all from users to gain more information from the DB?

Could I use this type of query to test the security of my DB? If not, then how do I test for security?
deadlyp99, posted August 10, 2008

There are thousands of things the person can try. Generally the filters built into PHP work just fine. I haven't read up on the view command, but I feel the name explains itself.

Here is the thing about SQL injections. It's called an injection because they find a way to insert their own code and run it on a server. In this case, SQL. If there is a vulnerability, no matter what command you used, they will find a way to craft it for their needs. For instance, if they did find a way to escape the code, they could just end your old SQL statement with a semicolon and create a new one.

It's all very complex, and it takes actually practicing the "cracking" tactic yourself to begin to understand it. Go to some hacking simulation game sites like hellboundhackers.org and hackthissite.org and you will learn a lot of useful things rapidly, and a crash course. Much info is to be found both in the forums and member articles. I don't condone breaking security for bad purposes, but it's a good place to put some tools to better your own site's security.

Good luck and have fun.
RichardRotterdam, posted August 10, 2008

Quoting deadlyp99:

Go to some hacking simulation game sites like hellboundhackers.org and hackthissite.org and you will learn a lot of useful things rapidly, and a crash course.

Yeah, hackthissite.org is a good one with the SQL inject tutorials; it's even a lot of fun. I think if you tried them you will have a better understanding of SQL injections, and it will probably teach you to build more secure PHP. hellboundhackers.org I never tried; I think I will look into that one.
Voodoo Jai (author), posted August 10, 2008

Absolutely fantastic guys, you've been a great help. I just wish I could be of more help to others like you have been to me. Hopefully one day. I will check out the sites.

Many thanks,
VoodooJai