Menu
I'm developing a website and I'm trying to secure the connection part.
I used the addslashes function on $login to stop SQL injection but some friends told me that's not enough security. However, they didn't show me how to exploit this vulnerability.
How can I / could you break this code? How can I secure it?
<?php
if ( isset($_POST) && (!empty($_POST['login'])) && (!empty($_POST['password'])) )
{
extract($_POST);
$sql = "SELECT pseudo, sex, city, pwd FROM auth WHERE pseudo = '".addslashes($login)."'";
$req = mysql_query($sql) or die('Erreur SQL');
if (mysql_num_rows($req) > 0)
{
$data = mysql_fetch_assoc($req);
if ($password == $data['pwd'])
{
$loginOK = true;
}
}
}
?>
837
You should use mysql_real_escape_string for escaping string input parameters in a query. Use type casting to sanitize numeric parameters and whitelisting to sanitize identifiers.
In the referenced PHP page, there is an example of a sql injection in a login form.
A better solution would be to use prepared statements, you can do this by using PDO or mysqli.
98
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
