vampke Posted October 18, 2012 Share Posted October 18, 2012 Hello, I am writing a script that I am trying to protect against mysql injection. I have installed the firefox add-on SQL Inject Me and it returns some fails. Server Status Code: 302 Moved Temporarily Tested value: 1' OR '1'='1 and many more similar items. My question is: is this always a problem? I would think a 302 return code only means the script is returning a valid page. But a valid page does not necessarily mean a vulnerable page, right? The tested values all concern checkboxes with following html: <input type=\"checkbox\" id=\"checkboxvalue\" name=\"checkboxvalue\" value=\"1\" /> The $_POST of the checkboxes are interpreted as: $myValue = (int)isset($_POST['checkboxvalue'])?1:0; I would assume this completely limits the possibility for sql injection or am I missing something? The (int) is probably not needed since I don't even store the post value in the variable. My strings do not generate a warning. I use the following function to validate them, is this sufficient protection? function validateInput($in){ if(get_magic_quotes_gpc()) { $in = stripslashes($in); } $out = mysql_real_escape_string(strip_tags($in)); if(preg_match('/^[a-zA-Z0-9 ^$.*+\[\]{,}]{1,32}$/u', $out)) { return $out; } else return ""; } Link to comment https://forums.phpfreaks.com/topic/269615-mysql-injection-is-this-safe/ Share on other sites More sharing options...
requinix Posted October 18, 2012 Share Posted October 18, 2012 You are correct with your $myValue thing. There is no risk of SQL injection. If you're wondering about the 302, (a) where does it redirect and (B) is there anything in the server logs about why? Link to comment https://forums.phpfreaks.com/topic/269615-mysql-injection-is-this-safe/#findComment-1386087 Share on other sites More sharing options...
vampke Posted October 19, 2012 Author Share Posted October 19, 2012 ok thanks, I was expecting there wasn't but the message concerned me somehow. I know where the 302 goes to. I don't think it is relevant however. My main concern is that this program returned a fail message which does not seem to be the correct wording. If the 302 page handles the injection attempt, there is no risk, right? What about the string values: are they sufficiently protected with my function? Link to comment https://forums.phpfreaks.com/topic/269615-mysql-injection-is-this-safe/#findComment-1386290 Share on other sites More sharing options...
cyberRobot Posted October 19, 2012 Share Posted October 19, 2012 Are you okay with the function blocking potentially valid entries? Here are some examples of invalid entries: Conan O'Brien Dan "the Man" Ben & Jerry Link to comment https://forums.phpfreaks.com/topic/269615-mysql-injection-is-this-safe/#findComment-1386302 Share on other sites More sharing options...
vampke Posted October 19, 2012 Author Share Posted October 19, 2012 Hi cyberrobot, there shouldn't be any special characters. In any case they are not allowed at all because of a javascript on the input box Link to comment https://forums.phpfreaks.com/topic/269615-mysql-injection-is-this-safe/#findComment-1386326 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.