Mysql - What is sql injection attack exploits, Sql injection exploitation
Sql Injection attack or exploits
What is sql injection?
SQL injection is when a visitor injects SQL code that manages to get processed by the SQL server. This problem usually arises when the programmer does not properly check user input variables before passing them to the SQL server.
Examples of sql injection exploits
Sql Injection Example 1:
$id=$_GET["id"];
$result=mysql_query("SELECT * from articles where id=$id;");
Sql Injection exploit through URL:
page.php?id=0 UNION SELECT * FROM admin_users
Explanation of SQL Injection Example 1:
Because the $id variable is not checked properly, its contents are placed into the SQL query as-is and processed as SQL. The query the server finally gets in this example is:
SELECT * from articles where id=0 UNION SELECT * FROM admin_users;
Hopefully the reason why this happens is apparent to everyone.
Solution for sql injection
Since $id is EXPECTED to be a number, you should check that it is just that. One common approach is to remove any illegal content in the variable, instead of checking and displaying error messages. Here are two approaches one could have used to deal with this issue:
Removing any possible illegal content:
$id=intval($_GET["id"]);
Checking and reporting the error:
$id=$_GET["id"];
if (!is_numeric($id)) {
    // ... error handling ...
} else {
    // ... continue ...
}
Sql Injection Example 2:
$name=$_GET["name"];
$result=mysql_query("SELECT * FROM articles where title=\"$name\";");
SQL Injection Example 2 exploit:
URL:
page.php?name=" UNION SELECT * FROM admin_users where name="%
Explanation of SQL Injection Example 2:
The query that gets executed:
SELECT * FROM articles where title="" UNION SELECT * FROM admin_users where name="%"
Hopefully the reason why this happens is apparent to everyone.
Solution for example 2 sql injection exploitation:
In this example, $name is expected to be a string, so you may expect it to contain anything (perhaps the name has quotes in it?). The best solution to this is to escape the quote in some way.
Using HTML:
$name=str_replace("\"", "&quot;", $_GET["name"]);
Using a backslash:
$name=str_replace("\"", "\\\"", $_GET["name"]);
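An added example, not part of the original page: the page's two lookups rewritten with integer validation and PDO bound parameters, next to Example 1's concatenated form, run against the page's two inputs. Assumptions: the pdo_sqlite extension, a constructed in-memory database, and hypothetical function names (findByIdConcatenated, findById, findByTitle).

```php
<?php
// Added example. The in-memory SQLite database, its rows and the function
// names are constructed for illustration (assumptions, not from the page).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec('CREATE TABLE admin_users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO articles VALUES (1, 'Hello'), (2, 'Say \"hi\"')");
$db->exec("INSERT INTO admin_users VALUES (1, 'root')");

// Example 1 as written on the page: the input becomes part of the SQL text.
function findByIdConcatenated(PDO $db, string $id): array {
    return $db->query("SELECT * FROM articles WHERE id=$id")
              ->fetchAll(PDO::FETCH_ASSOC);
}

// Example 1 hardened: strict integer validation, then a bound parameter.
function findById(PDO $db, string $id): array {
    $n = filter_var($id, FILTER_VALIDATE_INT);
    if ($n === false) {
        throw new InvalidArgumentException('id must be an integer');
    }
    $stmt = $db->prepare('SELECT * FROM articles WHERE id = :id');
    $stmt->bindValue(':id', $n, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Example 2 hardened: the title is sent as data, so quotes need no escaping.
function findByTitle(PDO $db, string $title): array {
    $stmt = $db->prepare('SELECT * FROM articles WHERE title = :title');
    $stmt->execute([':title' => $title]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$idInput   = '0 UNION SELECT * FROM admin_users';               // from the page
$nameInput = '" UNION SELECT * FROM admin_users where name="%'; // from the page

// Concatenation lets the UNION run, so admin_users rows are returned.
printf("concatenated id: %d row(s)\n", count(findByIdConcatenated($db, $idInput)));
try {
    findById($db, $idInput);
} catch (InvalidArgumentException $e) {
    printf("validated id: rejected (%s)\n", $e->getMessage());
}
// Bound as a value, the same text is only compared against article titles.
printf("bound payload title: %d row(s)\n", count(findByTitle($db, $nameInput)));
printf("bound quoted title: %d row(s)\n", count(findByTitle($db, 'Say "hi"')));
```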
The topic on Mysql - What is sql injection attack exploits is posted by - Maha