supermoose37 Posted March 17, 2011

So here's the deal. I've created a very basic web application in order to show the effects of SQL injections. I plugged ' or 1=1-- into the username field, left the password blank and got the following:

```
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1
in SELECT * FROM USERS WHERE Username='' or 1=1--'
```

```php
<?php
session_name("MyLogin");
session_start();

if($_GET['action'] == "login") {
    $conn = mysql_connect("localhost", "root", "");
    $db = mysql_select_db("test");

    // The username goes into the SQL string unescaped: this is the
    // injection point the demo application is built to show.
    $name = $_POST['uname'];
    $sql = "SELECT * FROM USERS WHERE Username='$name'";

    // On failure, print the MySQL error followed by the full query text.
    $q_user = mysql_query($sql) or die(mysql_error() . ' <br /> in ' . $sql);

    // Exactly one matching row is required before the password is checked.
    if(mysql_num_rows($q_user) == 1){
        $data = mysql_fetch_array($q_user);
        if($_POST['pword'] == $data['Password']){
            header("Location: login_success.php");
            exit;
        }else{
            header("Location: login.php?login=failed&cause=".urlencode('Wrong Password'));
            exit;
        }
    }else{
        header("Location: login.php?login=failed&cause=".urlencode('Invalid User'));
        exit;
    }
}

// Not logged in: send the visitor back to the login form.
if(session_is_registered("name") == false) {
    header("Location: login.php");
}
?>
```

Maq Posted March 17, 2011

Your query will ultimately look like:

SELECT * FROM USERS WHERE Username='' or 1=1--'"

See anything wrong with that?

supermoose37 Posted March 17, 2011 (Author)

I need to somehow get rid of that final '. I know that because when I put

SELECT * FROM USERS WHERE Username='' or 1=1--'

into phpMyAdmin, it returns the full user table.

Now, I was under the impression that putting -- allowed MySQL to ignore anything after it (i.e. the final ').

Pikachu2000 Posted March 17, 2011

Try it with 1 = '1

supermoose37 Posted March 20, 2011 (Author)

Someone elsewhere suggested "addslashes". This has indeed fixed the error. But am now having a problem getting SQL injections to work. Will start a new thread regarding my problem with the Injections in the relevant section.

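For comparison with the login script in the first post, here is the same lookup written with a bound parameter, as an added example that is not code from any poster in this thread. It assumes PDO with an in-memory SQLite database so it runs offline; the function names `rows_concatenated` and `login` and the sample users are constructed for illustration. SQLite treats `--` as a comment start on its own, whereas MySQL requires whitespace or a control character after the second dash, so the concatenated query here parses where the thread's MySQL query raised a syntax error.

```php
<?php
// Added example: constructed table and users, SQLite in memory instead of MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE USERS (Username TEXT PRIMARY KEY, Password TEXT NOT NULL)");

// Store password hashes rather than the plain text the demo script compares.
$add = $db->prepare("INSERT INTO USERS (Username, Password) VALUES (?, ?)");
foreach (['alice' => 'correct horse', 'bob' => 'hunter2'] as $user => $pass) {
    $add->execute([$user, password_hash($pass, PASSWORD_DEFAULT)]);
}

// "Before": the thread's query, built by string concatenation.
function rows_concatenated(PDO $db, string $name): int
{
    $sql = "SELECT * FROM USERS WHERE Username='$name'";
    return count($db->query($sql)->fetchAll());
}

// "After": the username is bound as a parameter and never parsed as SQL.
function login(PDO $db, string $name, string $password): bool
{
    $stmt = $db->prepare("SELECT Password FROM USERS WHERE Username = ?");
    $stmt->execute([$name]);
    $hash = $stmt->fetchColumn();
    // fetchColumn() returns false when no row matched.
    return $hash !== false && password_verify($password, $hash);
}

$input = "' or 1=1--";   // the string typed into the username field in the thread

// Concatenation lets the input rewrite the WHERE clause.
printf("concatenated query matches %d row(s)\n", rows_concatenated($db, $input));

// With a bound parameter the same input is only a username nobody has.
var_dump(login($db, $input, ''));
var_dump(login($db, 'alice', 'correct horse')); // a legitimate login still works
var_dump(login($db, 'alice', 'wrong'));
```

With MySQL the same pattern applies through PDO's `mysql:` driver or `mysqli` prepared statements; the `mysql_*` functions used in the thread have no parameter binding.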