sandrob57 Posted March 10, 2007
https://forums.phpfreaks.com/topic/42085-security-question/

Could an SQL injection take place from a variable entered into a URL? I am unsure of this, but to the best of my knowledge, URL variables are automatically sanitized. Let me know if I'm right/wrong.
per1os Posted March 10, 2007

You are wrong. This is why register_globals is highly recommended to be disabled on a server running PHP. The reason being that if you take straight data from a GET and put it into a database I can easily inject into your SQL. Say this code:

url: http://www.yoururl.com/page.php?user='' OR 1 ' (don't quote me on this)

<?php
// $user is never assigned here: with register_globals on, PHP fills it straight from the URL
$sql = "SELECT * FROM users WHERE user = '".$user."'";
mysql_query($sql);
?>

Now the above may also depend on a few server settings, but it is always better safe than sorry. A better approach would be this:

url: http://www.yoururl.com/page.php?user='' OR 1 ' (don't quote me on this)

<?php
$user = mysql_real_escape_string($_GET['user']); // escape any single quotes
$sql = "SELECT * FROM users WHERE user = '".$user."'";
mysql_query($sql);
?>

That way you know the code going into the database will not attempt to mess anything up.

--FrosT
sandrob57 (Author) Posted March 10, 2007

How do I sanitize this, then?
per1os Posted March 10, 2007

The second way I posted sanitizes it with mysql_real_escape_string();

--FrosT
sandrob57 (Author) Posted March 10, 2007

Would this function prevent a variable from harming my database?

function stripinput($text) {
    // QUOTES_GPC is a constant the CMS defines (true when magic_quotes_gpc is on)
    if (QUOTES_GPC) $text = stripslashes($text);
    // quotes, backslashes and angle brackets are turned into HTML entities
    $search  = array("\"", "'", "\\", '\"', "\'", "<", ">", "&nbsp;");
    $replace = array("&quot;", "&#39;", "&#92;", "&quot;", "&#39;", "&lt;", "&gt;", " ");
    $text = str_replace($search, $replace, $text);
    return $text;
}
chronister Posted March 10, 2007

It may, but it would be easier to simply use mysql_real_escape_string()
per1os Posted March 10, 2007

Yea dude, seriously just use the mysql_real_escape_string(), no use in trying to re-invent the wheel.

--FrosT
sandrob57 (Author) Posted March 10, 2007

Quoting per1os: "Yea dude, seriously just use the mysql_real_escape_string(), no use in trying to re-invent the wheel. --FrosT"

stripinput() is built into my CMS and I've used it everywhere on my website.
per1os Posted March 10, 2007

Then why did you ask the question in the first place if you already had an answer and the one we gave you, you did not like?

--FrosT
sandrob57 (Author) Posted March 10, 2007

Quoting per1os: "Then why did you ask the question in the first place if you already had an answer and the one we gave you, you did not like? --FrosT"

I was just checking to make sure the method I have used across my website is secure. Is it? I posted the function above.
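An added example, not code from the thread or from the CMS: it shows the limit both stripinput() and mysql_real_escape_string() share, namely that escaping quote characters only helps when the value sits inside a quoted SQL literal, and that binding the value as a parameter covers the unquoted case too. It assumes PHP with the pdo_sqlite extension and uses a small in-memory table constructed here as sample data.

```php
<?php
// Sample data, constructed for this example only.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, user TEXT)");
$db->exec("INSERT INTO users (user) VALUES ('alice'), ('bob')");

// Hypothetical stand-in for a quote escaper such as stripinput() or
// mysql_real_escape_string(): it neutralises quote and backslash characters,
// which is exactly (and only) what a quoted string literal needs.
function escape_quotes(string $text): string {
    return str_replace(["\\", "'", "\""], ["\\\\", "\\'", "\\\""], $text);
}

// Quoted-literal case from the thread: the escaper keeps the literal closed,
// so the input is compared as data and a tautology stays inside the quotes.
function countByNameEscaped(PDO $db, string $user): int {
    $sql = "SELECT COUNT(*) FROM users WHERE user = '" . escape_quotes($user) . "'";
    return (int) $db->query($sql)->fetchColumn();
}

// Unquoted numeric case: there are no quotes for the escaper to protect, and an
// input without quote characters passes through untouched and becomes SQL.
function countByIdEscaped(PDO $db, string $id): int {
    $sql = "SELECT COUNT(*) FROM users WHERE id = " . escape_quotes($id);
    return (int) $db->query($sql)->fetchColumn();
}

// Bound parameter: the value never becomes part of the SQL text, so the same
// input is compared as a plain value regardless of quoting or data type.
function countByIdBound(PDO $db, string $id): int {
    $stmt = $db->prepare("SELECT COUNT(*) FROM users WHERE id = :id");
    $stmt->execute([':id' => $id]);
    return (int) $stmt->fetchColumn();
}

// Constructed inputs: a normal name and a quote-free tautology of the kind
// the thread discusses ("OR 1").
$name = "alice";
$tautology = "1 OR 1=1";

printf("quoted + escaped, name:       %d row(s)\n", countByNameEscaped($db, $name));
printf("quoted + escaped, tautology:  %d row(s)\n", countByNameEscaped($db, $tautology));
printf("unquoted id + escaped:        %d row(s) (escaping did not help)\n", countByIdEscaped($db, $tautology));
printf("unquoted id + bound param:    %d row(s)\n", countByIdBound($db, $tautology));
```

The escaped-and-quoted lookups match only the real name, the unquoted escaped lookup matches every row, and the bound lookup matches none; the practical takeaway is that whichever escaper the CMS uses, integer parameters still need casting or a bound parameter.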