Tutorial : About SQL Injection And How To Fix. In web programming, one of the most dangerous bugs and are at high risk to the security of a website is SQL Injection. This bug is usually exploited by hackers to attack a website. SQL injection is usually done by entering commands or additional syntax into form contained in the website, both form in the address bar, as well as that of the form content.
Tutorial : About SQL Injection And How To Fix
How To Injection
Each summoning and processing data on the MySQL database server, a website will likely have a higher risk to injected. As an addition to knowledge for us, Here are some common injection process.
SQL Injection in GET Method
In creating a website, usually we will use the call ID or a unique code to display the content. For example :
Examples of calling the data on MySQL database for the above url is :
$id = $_GET['id']; $query = "SELECT * FROM tutorial WHERE `id`='$id'";
What happens if someone adds commands in tow? For example, adding 1 = 1 or 1 = 0 behind the url. The result will inevitably produce different effects. Specified in the call will generate an error and this is where his weakness. Intruder can do the calling UNION to make the process of infiltration into a MySQL database table.
SQL Injection in POST Method
Usually, a hacker will attack websites in a very risky place. Most of the hackers were able to infiltrate the website through a login form using post method. To learn it, how it could happen SQL Injection. Read below for an explanation.
Here’s an example of the calling process in database server :
$username = $_POST['username']; $password = $_POST['password']; $query = "SELECT * FROM users WHERE user='$username' AND password='$password'"; mysql_query($query);
If someone fills out the form with the following data :
Username: Hacker Password: ' OR "='
Then the php script will call with a query like the following :
SELECT * FROM user WHERE username='hacker' OR "='' AND password=";
The red text is derived from the input form. While the process of being contaminated by the logic OR, so the password is wrong will be right. If this happens then the hacker can infiltrate into a website database without the need to know the password.
Blind SQL Injection
Blind SQL Injection is a SQL Injection without any hint or appearance of obvious error. This is much more dangerous than SQL Injection is done through a process error in the MySQL database server.
How To Fix SQL Injection
Here are some ways to repeat the bug to avoid infection of the SQL :
1. Perform filtering parameters in the SQL like using mysql_real_escape_string (), PHP PDO script or other script safer.
2. Doing closure error and limiting the number of characters parameter / post
3. Using the database user and not the root password.
4. Organize the directory structure permissions correctly so that the website can still do the writing.
5. The applicability of apache mod_rewrite to rewrite the URL so that in addition to SEO Friendly also safe.
6. Sanitize uploaded file correctly. If it only takes an image file, then just type images are allowed entry.
7. The use of some sort of antivirus program such as clamav and others.
8. Information_schema database closure.
9. To use CMS, diligent updates are also an important factor. However, sometimes the plugins are factors that often brings bug.
10. Utilizing the error logs and access correctly. Checking whether there is injection can be started from here.
This tutorial is complete. If there are any questions and feedback, please let us know using the comment box below
Thanks for reading Tutorial : About SQL Injection And How To Fix