
Hello everyone,

I have written login code in PHP, but I wanted to test SQL injection on this code. How can I do that? Or how can I make the login more secure using MD5 encryption, any other encryption method, or any other solution?

 

The code is here below:

 

<?Php session_start();?>
<?php require_once('DB.php'); ?>
<?Php
$status=$_GET["status"];

if ($status=="loggedout") {

    unset($_SESSION["User_Id"]);
    unset($_SESSION["User_Name"]);
    unset($_SESSION["Pwd"]);
    unset($_SESSION["Account_Type"]);
    unset($_SESSION["loggedIn"]);

    header("Location: login.php"); // a redirect header needs the "Location: " prefix

}

?>
<?Php
$_SESSION["user_name"]=$_POST["login"];
$_SESSION["pwd"]=$_POST["pwd"];
$connected=$_POST["connected"];

if ($connected=="True") { //When user has pressed the connection button

    mysql_select_db($database_N_DB, $NOSA_DB);
    $query_User_accounts = "SELECT * FROM user WHERE user_name LIKE '".$_SESSION["user_name"]."' AND P_word='".$_SESSION["pwd"]."'";
    $User_accounts = mysql_query($query_User_accounts, $N_DB) or die(mysql_error());
    $row_User_accounts = mysql_fetch_assoc($User_accounts);
    $totalRows_User_accounts = mysql_num_rows($User_accounts);

    if ($totalRows_User_accounts==0) { // Testing if login is correct
        $message=" - Incorect Login/Password - ";
        echo $message;

?>

<?Php

    } else {
        $_SESSION["loggedIn"]=1;
        echo "Connected<br>";

    } // If End for Correct Login

    mysql_free_result($User_accounts);

} //If end for connected button pressed
?>

<?Php

if (!$_SESSION["loggedIn"]) { //if not logged in
?>
<style type="text/css">
td img {display: block;}
</style>

<table width="98%" border="0" cellspacing="0">
  <tr>
    <td valign="top"> </td>
    <td align="right">
<form name="Login_frm" method="post" action="">
User Name: <input class="textfield" autocomplete="off" name="login" type="text" size="15">
Password: <input class="textfield" name="pwd" type="password" size="10">
<input name="connected" type="hidden" value="True">
<input class="button" name="" type="submit" value="Connect"><br>
<hr>
</form>
</td>
  </tr>
</table>
<?Php
} else {
    echo "<a href='login.php?status=loggedout'>Log Out</a>";

}

?>

https://forums.phpfreaks.com/topic/123461-sql-injection/


<?php session_start();?>
<?php require_once('DB.php'); ?>
<?php
$status=$_GET["status"];

if ($status=="loggedout") {

unset($_SESSION["User_Id"]);
unset($_SESSION["User_Name"]);
unset($_SESSION["Pwd"]);
unset($_SESSION["Account_Type"]);
unset($_SESSION["loggedIn"]);

header("Location: login.php"); // a redirect header needs the "Location: " prefix

}

?>
<?php
$_SESSION["user_name"]=$_POST["login"];
$_SESSION["pwd"]=$_POST["pwd"];
$connected=$_POST["connected"];

if ($connected=="True") { //When user has pressed the connection button

   mysql_select_db($database_N_DB, $NOSA_DB);
   $query_User_accounts = "SELECT * FROM user WHERE user_name LIKE '".$_SESSION["user_name"]."' AND P_word='".$_SESSION["pwd"]."'";
   $User_accounts = mysql_query($query_User_accounts, $N_DB) or die(mysql_error());
   $row_User_accounts = mysql_fetch_assoc($User_accounts);
   $totalRows_User_accounts = mysql_num_rows($User_accounts);
   
   if ($totalRows_User_accounts==0) { // Testing if login is correct
   $message=" - Incorect Login/Password - ";
   echo $message;

   } else {
   $_SESSION["loggedIn"]=1;
   echo "Connected<br>";
   
   } // If End for Correct Login

mysql_free_result($User_accounts);

} //If end for connected button pressed

if (!$_SESSION["loggedIn"]) { //if not logged in
?>
<style type="text/css">
td img {display: block;}
</style>

<table width="98%" border="0" cellspacing="0">
  <tr>
    <td valign="top"> </td>
    <td align="right">
<form name="Login_frm" method="post" action="">
User Name: <input class="textfield" autocomplete="off" name="login" type="text" size="15">
Password: <input class="textfield" name="pwd" type="password" size="10">
<input name="connected" type="hidden" value="True">
<input class="button" name="" type="submit" value="Connect"><br>
<hr>
</form>
</td>
  </tr>
</table>
<?php
} else {
echo "<a href='login.php?status=loggedout'>Log Out</a>";

}

?>

 

Sorry, I don't have a good answer for this, but a tip: you should use "[.code]code here...[./code]" (without the period). Also, for some reason the code tags don't pick up "<?php" (with the capital 'P'), so I changed them to lower case.

https://forums.phpfreaks.com/topic/123461-sql-injection/#findComment-637654

Change the SQL query to this and you will be safe:

 

$query_User_accounts = "SELECT * FROM user WHERE user_name LIKE '".mysql_real_escape_string($_SESSION["user_name"])."' AND P_word='".mysql_real_escape_string($_SESSION["pwd"])."'";

 

More info: http://uk2.php.net/function.mysql-real-escape-string

Also, I wouldn't use LIKE in the SQL query; that's for searches and takes longer. Just use '='.

https://forums.phpfreaks.com/topic/123461-sql-injection/#findComment-637719
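
A hardened version of the login check discussed in this thread, as an added example that is not code from any of the posts: it binds the user name through a PDO prepared statement instead of concatenating it into the SQL, and stores the password with `password_hash()` rather than in plain text or as MD5. The in-memory SQLite database, the sample account and the function names `register_user` and `check_login` are assumptions made for the demo; the `user` table and its `user_name` and `P_word` columns follow the original code.

```php
<?php
// Added example: in-memory SQLite stands in for the thread's MySQL database (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user (user_name TEXT PRIMARY KEY, P_word TEXT NOT NULL)');

// Hypothetical helper: store a salted, slow hash, never the password or a bare MD5.
function register_user(PDO $pdo, string $name, string $password): void
{
    $stmt = $pdo->prepare('INSERT INTO user (user_name, P_word) VALUES (:name, :hash)');
    $stmt->execute([
        ':name' => $name,
        ':hash' => password_hash($password, PASSWORD_DEFAULT),
    ]);
}

// Hypothetical helper: true only when the name exists and the password matches its hash.
function check_login(PDO $pdo, string $name, string $password): bool
{
    // Bound parameter: the name travels as data, so quotes in it cannot change the SQL.
    // '=' is used instead of LIKE, so '%' and '_' in the name are not wildcards.
    $stmt = $pdo->prepare('SELECT P_word FROM user WHERE user_name = :name');
    $stmt->execute([':name' => $name]);
    $hash = $stmt->fetchColumn(); // false when no row matched

    // The password never enters the query; it is checked against the stored hash in PHP.
    return is_string($hash) && password_verify($password, $hash);
}

register_user($pdo, 'alice', 'correct horse battery staple'); // constructed sample account

$attempts = [ // constructed inputs
    ['alice', 'correct horse battery staple'],
    ['alice', 'wrong password'],
    ["alice' OR '1'='1", 'anything'],   // quote-bearing name is looked up literally
    ['alice', "' OR '1'='1"],           // quote-bearing password is only hashed and compared
    ['%', 'correct horse battery staple'], // would match every row under LIKE
];

foreach ($attempts as [$name, $password]) {
    $result = check_login($pdo, $name, $password) ? 'login ok' : 'login refused';
    printf("%-20s %s\n", $name, $result);
}
```

Only the first attempt logs in. In a real login page, call `session_regenerate_id(true)` after a successful check and keep the password out of `$_SESSION`.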