Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Signs that a SQL statement is dangerous

Tags:

security

php

sql-injection

I want to develop a function in PHP that checks how dangerous a SQL statement is. When i say dangerous i mean, certain symbols, characters or strings that are used to get data from a database that the user shouldnt see.

For example:

SELECT * FROM users WHERE userId = '1'

can be injected in several ways. Although i clean the params, i also want to monitor how safe the query is to run.

Thanks in advance

like image 448
phpNutt Avatar asked May 07 '10 22:05

phpNutt

2 Answers

You're trying to find a fix for a problem that shouldn't exist. You should use prepared (precompiled) queries, then you don't ever have to worry about SQL injection and escaping as the query itself is fixed and only the arguments are variable.

See here for an example on using them in PHP: http://mattbango.com/notebook/web-development/prepared-statements-in-php-and-mysqli/

Another advantage is that it's faster too, at least for MySQL, as the server doesn't have to parse the query every time.

like image 94
wump Avatar answered Sep 22 '22 12:09

wump

I agree that Parametrized Queries is the best way to go. However most php/mysql applications use mysql_query(), and most web applications also vulnerable to some form of sql injection.

Suhosin Hardened PHP is installed by default on many LAMP systems and it has a feature called "experimental SQL injection heuristics", but it doesn't break any exploits that I know of. A better solutions is a Web Application Firewalls(WAF) which is looking for attacks like sql injection in the raw HTTP query. WAFs are required by the PCI-DSS are a commonly used on the internet today because they work.

There is an application called GreenSQL which is betting on the fact that injected queries look different. For the most part this is a safe bet, but an SQL is a free formed Declarative language and there are many ways that an attacker can rewrite a query to perform the same attack. In short this type of secuirty will stop some attacks, but it is flawed when compared to Parametrized Queries. WAF's suffer from the same problem as GreenSQL, its possible to encode or obfuscate an attack such that it slips past the massive library of regular expressions used to detect the attacks. Bobince's answer to this question cracks me up, his point is also true for the exploitation process.

like image 22
rook Avatar answered Sep 22 '22 12:09

rook
Sign in to Comment

Related questions

How laravel use $this context in static methods?
How to make a generic repository in Symfony 4
Login a user only if his status is active in Laravel 5.7
regexp for finding everything between <a> and </a> tags
What is the best way to persist PHP application setings?
The ideal "always/anywhere available" web development environment?
Protect php script that receive paypal IPN notifications
How to use Pixel Tracking across domains in PHP
Can I make a variable globally visible without having to declare it global in every single PHP class's constructor?
CakePHP: Clearing password field on failed submission
What character replacements should be performed to make base 64 encoding URL safe?
Pass variable to extended PHP class
How to create a link that triggers file download?
Explode string only once on first occurring substring
In PHP, when using PDO with pgSQL how to get the value of "RETURNING" clause in the original INSERT sql query
reading binary code of a file...in PHP
How do I match accented characters in preg_match()?
Matching UTF Characters with preg_match in PHP: (*UTF8) Works on Windows but not Linux
preventing direct access to a php page, only access if redirected
Get from associative array only that elements which keys are specified

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!