There are a lot of ways here to secure your code from SQL injection attacks. But what I require is how to log an SQL injection attack so that we can add him (the attacker-user) to the blacklist-users database.
What I need here is a kind of function which will return true if there's an SQL injection.
<?php
if (isset($_POST['username'])) {
    // need a function here which will return true if there's
    // a sql injection else false
}
?>
SQL Injection has become a common issue with database-driven web sites. The flaw is easily detected, and easily exploited, and as such, any site or software package with even a minimal user base is likely to be subject to an attempted attack of this kind.
SQL injection usually occurs when you ask a user for input, like their username/userid, and instead of a name/id, the user gives you an SQL statement that you will unknowingly run on your database.
SQL injection works by exploiting vulnerabilities in a website or computer application – usually through a data entry form. Hackers type SQL commands into fields such as login boxes, search boxes or 'sign up' fields. The aim is to use complex code sequences to gain access to a system and reveal the data held inside.
SQL injections typically fall under three categories: In-band SQLi (Classic), Inferential SQLi (Blind) and Out-of-band SQLi. You can classify SQL injection types based on the methods they use to access backend data and their damage potential.
You can use PHP-IDS to detect security attacks (not just SQL injection) and add custom behavior. In my case I run PHP-IDS at the start of every request. If an issue is detected, I log to the database, return a generic error message to the user and die().
Be warned though that PHP-IDS will not detect all SQL injection issues. It's not possible to do that automatically. You still need to properly handle your queries.
Edit: This answer was made before the question was significantly changed. Whilst still valid, it no longer addresses the OP's specific situation.
SQL injection is one of the easiest web application vulnerabilities to remediate. The problem-space of identifying potential attacks, recording them, and maintaining and managing a user blacklist with usage-denial functionality is a programming exercise that is many, many orders of magnitude more complex.
Learn to use parameterised queries properly and SQL injection is not something you will ever need to consider. In PHP you can achieve this using the mysqli or PDO libraries. There's a ton of questions on here that address this and many more tutorials you can reach from googling for "parameterised queries" or "prepared statements".
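As an added example (not code from any of the answers above, and not PHP-IDS's API), here is the string-built login query beside the PDO prepared-statement form the last answer recommends, plus the logging the question asks for done as a plain record of failed attempts. It assumes a `users` table with `username` and `password_hash` columns and a `login_attempts` table with `username_input`, `succeeded`, `remote_addr` and `attempted_at` columns; both are assumptions, not something from the question.

```php
<?php
// Added example. Assumes a `users` table (username, password_hash) and a
// `login_attempts` table (username_input, succeeded, remote_addr, attempted_at).

// VULNERABLE ("before"): the username is pasted into the SQL text, so a single
// quote in the input ends the string literal and the rest is parsed as SQL.
function findUserVulnerable(PDO $pdo, string $username): ?array {
    $sql = "SELECT id, password_hash FROM users WHERE username = '$username'";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// FIXED: a prepared statement sends the SQL and the value separately, so
// whatever the user typed is compared as data and cannot change the query.
function findUser(PDO $pdo, string $username): ?array {
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Logging: instead of guessing whether input "is" an injection (which the
// answers above say cannot be done reliably), record every failed login with
// the raw input, again via a prepared statement so the log table is safe too.
function logLoginAttempt(PDO $pdo, string $username, bool $ok): void {
    $stmt = $pdo->prepare(
        'INSERT INTO login_attempts (username_input, succeeded, remote_addr, attempted_at)
         VALUES (:u, :ok, :ip, NOW())'
    );
    $stmt->execute([
        ':u'  => mb_substr($username, 0, 255), // cap length, store verbatim otherwise
        ':ok' => (int) $ok,
        ':ip' => $_SERVER['REMOTE_ADDR'] ?? 'unknown',
    ]);
}

if (isset($_POST['username'], $_POST['password'])) {
    $pdo = new PDO('mysql:host=localhost;dbname=app', 'app', 'secret', [
        PDO::ATTR_ERRMODE           => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES  => false, // real server-side prepares
    ]);
    $user = findUser($pdo, $_POST['username']);
    $ok = $user !== null && password_verify($_POST['password'], $user['password_hash']);
    logLoginAttempt($pdo, $_POST['username'], $ok);
    if (!$ok) {
        http_response_code(401);
        exit('Login failed.'); // generic message, as the PHP-IDS answer does
    }
}
```

A reviewer, or a later job that counts repeated failures per `remote_addr`, can then decide who goes on the blacklist from the logged rows rather than from a heuristic match on the input.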