Injections
addslashes(); htmlentities();
One of these two functions should be used whenever users are able to post something on the site, or whenever you pass user input to the MySQL database.
=====] Addslashes [===== The addslashes function is a very good thing to use when you're handling MySQL queries. The good thing about the function is that it puts a backslash in front of every "injection character" (single quote, double quote, backslash and NUL). For example, say we have this query.
SELECT * FROM UserPass WHERE password = '$_GET[pass]'
Now it is very easy to just put in the legendary: ' or 1='1 and then it will select every row in the UserPass table. If, for example, you secured $_GET[pass] with the addslashes command, it would not be possible to use the legendary string; the query would then look like this.
SELECT * FROM UserPass WHERE password = '\' or 1=\'1'
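To make the difference visible, here is an added example (not code from the original article) that builds the article's UserPass query both ways: once with the raw value, the way the article's first query does, and once after addslashes(). The payload string is the article's own; the function names are mine.

```php
<?php
// Added example, not from the original article. Shows what addslashes() does
// to the "' or 1='1" payload before it is spliced into the query string.

// Builds the query the way the article's first example does: the raw value
// goes straight into the SQL string, so a quote in the input ends the literal.
function build_query_raw(string $pass): string
{
    return "SELECT * FROM UserPass WHERE password = '" . $pass . "'";
}

// Same query, but the value goes through addslashes() first. Every single
// quote in the input becomes \' and therefore stays inside the string literal.
function build_query_escaped(string $pass): string
{
    return "SELECT * FROM UserPass WHERE password = '" . addslashes($pass) . "'";
}

// Constructed test input: the article's "legendary" injection string.
$payload = "' or 1='1";

echo "raw:     ", build_query_raw($payload), PHP_EOL;
echo "escaped: ", build_query_escaped($payload), PHP_EOL;
```

Run it with `php` on the command line; the second line printed is the escaped query shown in the article, where the whole payload is now just a (wrong) password value. Note that addslashes() knows nothing about the database connection's character set, which is why the comments below prefer the MySQL-specific escaping function; in current PHP the string-building shown here is replaced altogether by prepared statements with bound parameters, which never splice user input into SQL text.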
=====] htmlentities [===== A very well known HTML entity is &nbsp; which makes a space, but it's not the only entity we have; we also have &copy; and in fact there is one for every character in the character set. Now htmlentities is good when you have a wall tag or a guestbook, because it prevents people from using evil JS injections. When you run a posted script tag through htmlentities, it comes out looking like this.
&lt;script&gt;alert('OMG U NOOBS I HACKED YOU!');&lt;/script&gt;
As you can see, it's very good to protect yourself with these functions. I know there are a lot of other functions that can be used, but these are the ones I like to use.
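As an added example (not code from the original article), here is a small guestbook renderer that passes each posted entry through htmlentities() before printing it. The entry text is the article's own script-tag example; the function names and the ENT_QUOTES flag choice are mine.

```php
<?php
// Added example, not from the original article. Escapes guestbook entries with
// htmlentities() so a posted <script> tag is displayed as text, not executed.

// Converts every character that has an HTML entity into that entity.
// ENT_QUOTES also converts both single and double quotes, so the result is
// safe inside attribute values as well as between tags; ENT_SUBSTITUTE
// replaces invalid UTF-8 sequences instead of returning an empty string.
function escape_for_html(string $text): string
{
    return htmlentities($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Renders one guestbook entry as a paragraph, escaping the user-supplied text
// at output time. The <p> tags are ours, so they are written unescaped.
function render_entry(string $author, string $message): string
{
    return '<p><b>' . escape_for_html($author) . ':</b> '
         . escape_for_html($message) . '</p>';
}

// Constructed guestbook post carrying the article's example payload.
$entries = [
    ['author' => 'bob',   'message' => 'nice site'],
    ['author' => 'evil',  'message' => "<script>alert('OMG U NOOBS I HACKED YOU!');</script>"],
];

foreach ($entries as $entry) {
    echo render_entry($entry['author'], $entry['message']), PHP_EOL;
}
```

The second paragraph printed contains the &lt;script&gt; ... &lt;/script&gt; form from the article: the browser shows the literal text and runs nothing. The important design point is that escaping happens when the entry is rendered, not when it is stored, so the database keeps the original text and the same stored value can be encoded differently for HTML, JSON or a URL later.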
=========== =| err0r33 =| - Life is a game, you just need to play it.
Flaming_figures 17 years ago
Wow. Immediately need to know what's going on eh? With a name like injections you would probably expect to see something like javascript with it, but it's an ok enough article. Didn't go far into the topic though. The html entities was good though.
ghost 17 years ago
addslashes is no more considered as secure; in some specific cases it can be easily overpassed. People should use mysql_escape_string instead.
ghost 17 years ago
Not a bad article on the whole. I would agree it might want to go into a bit more depth, but it was informative. Perhaps an actual usage or example of the function would have been nice, so noobs to PHP can get an idea of the structure and syntax.
SySTeM 17 years ago
"And then it will select every row in the UserPass table.", errr, no it won't… first: ' or 1=1-- is for MS SQL, -- is the start of an MS SQL comment, /* is for a MySQL comment, you should explain that ;) Second, it won't select every row, I dunno where everyone's getting this from. But basically, if you submitted "uberPass" as the password, what it would do is it would compare the password in the table against "uberPass", and if that's true then it will log you in, but because you'd be doing something like this: uberPass' OR '1'='1 (no quote on the end, so that the query is formatted like this: SELECT * FROM userTbl WHERE username='uberUser' AND password='uberPass' OR '1'='1') now, this will always return true, because even if the password isn't "uberPass", it has OR '1'='1' to fall back on, and because 1 will always be equal to 1, it will always return true.