consult4u
Posted September 9, 2008

Hello everyone, I have written a login code in PHP but I wanted to test SQL injection on this code. How can I do that? Or how can I make the login more secure using MD5 encryption or any other encryption methods or any other solution. The code is here below:

[ ]
<?Php session_start();?>
<?php require_once('DB.php'); ?>
<?Php
$status=$_GET["status"];
if ($status=="loggedout")
{
    unset($_SESSION["User_Id"]);
    unset($_SESSION["User_Name"]);
    unset($_SESSION["Pwd"]);
    unset($_SESSION["Account_Type"]);
    unset($_SESSION["loggedIn"]);
    // A redirect needs the "Location:" header name
    header("Location: login.php");
    exit;
}
?>
<?Php
$_SESSION["user_name"]=$_POST["login"];
$_SESSION["pwd"]=$_POST["pwd"];
$connected=$_POST["connected"];
if ($connected=="True")
{ //When user has pressed the connection button
    mysql_select_db($database_N_DB, $NOSA_DB);
    // User input is concatenated straight into the SQL text (the injection point asked about)
    $query_User_accounts = "SELECT * FROM user WHERE user_name LIKE '".$_SESSION["user_name"]."' AND P_word='".$_SESSION["pwd"]."'";
    $User_accounts = mysql_query($query_User_accounts, $N_DB) or die(mysql_error());
    $row_User_accounts = mysql_fetch_assoc($User_accounts);
    $totalRows_User_accounts = mysql_num_rows($User_accounts);
    if ($totalRows_User_accounts==0)
    { // Testing if login is correct
        $message=" - Incorect Login/Password - ";
        echo $message;
?>
<?Php
    }
    else
    {
        $_SESSION["loggedIn"]=1;
        echo "Connected<br>";
    } // If End for Correct Login
    mysql_free_result($User_accounts);
} //If end for connected button pressed
?>
<?Php if (!$_SESSION["loggedIn"]) { //if not logged in ?>
<style type="text/css">
td img {display: block;}
</style>
<table width="98%" border="0" cellspacing="0">
  <tr>
    <td valign="top"> </td>
    <td align="right">
      <form name="Login_frm" method="post" action="">
        User Name: <input class="textfield" autocomplete="off" name="login" type="text" size="15">
        Password: <input class="textfield" name="pwd" type="password" size="10">
        <input name="connected" type="hidden" value="True">
        <input class="button" name="" type="submit" value="Connect"><br>
        <hr>
      </form>
    </td>
  </tr>
</table>
<?Php } else { echo "<a href='login.php?status=loggedout'>Log Out</a>"; } ?>
[ / ]

Maq
Posted September 9, 2008

[code]
<?php session_start();?>
<?php require_once('DB.php'); ?>
<?php
$status=$_GET["status"];
if ($status=="loggedout")
{
    unset($_SESSION["User_Id"]);
    unset($_SESSION["User_Name"]);
    unset($_SESSION["Pwd"]);
    unset($_SESSION["Account_Type"]);
    unset($_SESSION["loggedIn"]);
    // A redirect needs the "Location:" header name
    header("Location: login.php");
    exit;
}
?>
<?php
$_SESSION["user_name"]=$_POST["login"];
$_SESSION["pwd"]=$_POST["pwd"];
$connected=$_POST["connected"];
if ($connected=="True")
{ //When user has pressed the connection button
    mysql_select_db($database_N_DB, $NOSA_DB);
    $query_User_accounts = "SELECT * FROM user WHERE user_name LIKE '".$_SESSION["user_name"]."' AND P_word='".$_SESSION["pwd"]."'";
    $User_accounts = mysql_query($query_User_accounts, $N_DB) or die(mysql_error());
    $row_User_accounts = mysql_fetch_assoc($User_accounts);
    $totalRows_User_accounts = mysql_num_rows($User_accounts);
    if ($totalRows_User_accounts==0)
    { // Testing if login is correct
        $message=" - Incorect Login/Password - ";
        echo $message;
    }
    else
    {
        $_SESSION["loggedIn"]=1;
        echo "Connected<br>";
    } // If End for Correct Login
    mysql_free_result($User_accounts);
} //If end for connected button pressed
?>
<?php if (!$_SESSION["loggedIn"]) { //if not logged in ?>
<style type="text/css">
td img {display: block;}
</style>
<table width="98%" border="0" cellspacing="0">
  <tr>
    <td valign="top"> </td>
    <td align="right">
      <form name="Login_frm" method="post" action="">
        User Name: <input class="textfield" autocomplete="off" name="login" type="text" size="15">
        Password: <input class="textfield" name="pwd" type="password" size="10">
        <input name="connected" type="hidden" value="True">
        <input class="button" name="" type="submit" value="Connect"><br>
        <hr>
      </form>
    </td>
  </tr>
</table>
<?php } else { echo "<a href='login.php?status=loggedout'>Log Out</a>"; } ?>
[/code]

Sorry, I don't have a good answer for this, but a tip: you should use "[.code]code here...[./code]" (without the period). Also, for some reason the code tags don't pick up "<?php" (with the capital 'P'), so I changed them to lower case.

lanmonkey
Posted September 9, 2008

Change the SQL query to this and you will be safe:

[code]
$query_User_accounts = "SELECT * FROM user WHERE user_name LIKE '".mysql_real_escape_string($_SESSION["user_name"])."' AND P_word='".mysql_real_escape_string($_SESSION["pwd"])."'";
[/code]

More info: http://uk2.php.net/function.mysql-real-escape-string

Also, I wouldn't use LIKE in the SQL query; that's for searches and takes longer. Just use '='.
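
Added example, not part of the original thread or written by any of its posters: the same login check done with a PDO prepared statement and `password_hash()` / `password_verify()`, covering both the injection question and the MD5 question (the `mysql_*` functions used in the thread were removed in PHP 7). The in-memory SQLite database and the function names `open_db`, `register_user` and `check_login` are assumptions made so the script runs stand-alone; the table and column names follow the thread.

```php
<?php
declare(strict_types=1);

// Assumptions: in-memory SQLite stands in for the MySQL server, and the
// function names are illustrative. Table/column names follow the thread.
function open_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE user (user_name TEXT PRIMARY KEY, P_word TEXT NOT NULL)');
    return $db;
}

function register_user(PDO $db, string $name, string $password): void
{
    // password_hash() salts and stretches the password; a bare MD5 does neither.
    $stmt = $db->prepare('INSERT INTO user (user_name, P_word) VALUES (:name, :hash)');
    $stmt->execute([':name' => $name, ':hash' => password_hash($password, PASSWORD_DEFAULT)]);
}

function check_login(PDO $db, string $name, string $password): bool
{
    // The name is bound as a parameter, so quotes in it never become SQL.
    // '=' is used instead of LIKE, so '%' and '_' are ordinary characters.
    $stmt = $db->prepare('SELECT P_word FROM user WHERE user_name = :name');
    $stmt->execute([':name' => $name]);
    $hash = $stmt->fetchColumn();

    // The password is checked against the stored hash in PHP, not in the query.
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed sample data: a user name that legitimately contains a quote.
$db = open_db();
register_user($db, "o'brien", 'correct horse');

var_dump(check_login($db, "o'brien", 'correct horse')); // right name, right password
var_dump(check_login($db, "o'brien", 'wrong'));         // right name, wrong password
var_dump(check_login($db, '%', 'correct horse'));       // '%' compared literally
```

Only the `loggedIn` flag and a user identifier need to go into `$_SESSION` after a successful check; the submitted password does not need to be stored there.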
Archived
This topic is now archived and is closed to further replies.