SQL Injection

As a programmer you should always be aware of possible SQL injection attacks.  Make sure that you scrub all of your data before using it, especially in a db query.

Do not just blindly accept that the parameters you receive are going to be good. 

For example, if you are going to show a post from a blog, your url might look like http://www.cyborgcomputing.com/showPost.php?ID=5.  That would show post #5, right?

What if it was http://www.cyborgcomputing.com/showPost.php?ID=5+union+select+1,2,3,4,5,6+--

You would have a MAJOR problem if your query in PHP is
$result = mysql_query("SELECT * FROM post WHERE ID=" . $_REQUEST['ID']);

Try it out on your own and see (the links above are not real). If you are expecting an ID, you should rewrite your PHP to:
$ID = preg_match('/^\d+$/D', $_REQUEST['ID']) ? $_REQUEST['ID'] : 1;

Now your ID has to be one or more digits and nothing else (the D modifier stops $ from matching before a trailing newline, which PCRE otherwise allows); otherwise you return post #1.
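A digits-only regex works for a numeric ID, but the more general fix is to validate the value and then bind it as a query parameter, so it is never spliced into the SQL text at all. The following is an added example, not code from the original post; it assumes a PDO connection $pdo to a MySQL database with the post table described above.

```php
<?php
// Added example (not from the original post). Assumes $pdo is a PDO
// connection and `post` has an integer ID column, as in the post above.

// Accept only a positive integer; anything else falls back to post #1,
// matching the original post's behaviour. FILTER_VALIDATE_INT rejects
// "5 union select ...", "", "5abc" and "007" (leading zero), and the
// min_range option rejects 0 and negatives.
function postIdFromRequest(array $request): int
{
    $id = filter_var($request['ID'] ?? '', FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    return $id === false ? 1 : $id;
}

// Hardened lookup: validate the input AND bind it as a typed parameter,
// so the value cannot be interpreted as SQL even if validation is later
// loosened (for example to accept a slug instead of a number).
function showPost(PDO $pdo, array $request): array
{
    $stmt = $pdo->prepare("SELECT * FROM post WHERE ID = :id");
    $stmt->bindValue(':id', postIdFromRequest($request), PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample inputs, checked without a database connection.
$samples = ['5', '5 union select 1,2,3,4,5,6 --', '', '5abc', '0', '007'];
foreach ($samples as $s) {
    printf("%-34s -> post #%d\n", json_encode($s), postIdFromRequest(['ID' => $s]));
}
```

With a live $pdo, showPost($pdo, $_REQUEST) returns the rows for the validated ID; the loop above shows that every non-numeric sample collapses to post #1 before any query is built.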
