Ethical Hacking

SQL INJECTION

Preventing SQLi

• Filters can be bypassed.
• Use a blacklist of commands? Still can be bypassed.
• Use whitelist? Same issue.

-> Use parameterized statements, separate data from SQL code.

<?php
//$textbox1 = admin' union select #
Select * from accounts where username = '$textbox1'
//Bad Sample: Select * from accounts where username = 'admin' union select #'

Safe:
->prepare(Select * from accounts where username = ?")
->execute(array('$textbox1')) 

//prepare(Select * from accounts where username = "'admin' union select #'")
//execute(array('admin' union select #')) 
?>