Almost every website nowadays will have some sort of login system. If you decide to write a login script yourself in PHP, this article will provide some important pointers on the security of the script you are writing. This article will talk about a common login hacking technique known as the SQL injection attack. This is not new in the programmer's world but worth taking note of, especially when you are new to programming. There are hackers everywhere, so beware!
When the user submits a form consisting of the username and password, all the variables will be stored in the $_POST array after submitting. You can get the values of the array easily using:
$usr = $_POST['username'];
where "username" (and likewise "password") are the names of the text fields in your form.
How do you deal with these values?
SELECT * FROM `user_table` WHERE username='$usr' AND password='$pwd'
Looking at the SQL statement again, if someone leaves the username empty and writes ' OR username LIKE '% in the password field, then your whole SQL statement becomes:
SELECT * FROM `user_table` WHERE username='' AND password='' OR username LIKE '%'
This statement selects all the records in the table, because AND binds more tightly than OR and the final OR username LIKE '%' condition matches every row. If your criterion for letting the user proceed is that the number of returned records is more than 0 (at least one user found), then this SQL statement will return all records, meaning that the user will be able to slip past the verification process. This type of hacking is famously known as the SQL injection attack.
One good way to prevent this from happening is to make sure quote characters such as ' and " in the $_POST values are escaped before they reach the SQL statement. You can filter your $_POST array using
$usr = mysql_real_escape_string($_POST['username']);
There are of course other ways to do it, but the idea is to let you know that you have to be very careful in handling the data retrieved from forms, especially usernames and passwords.
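As an added example (not code from the original post), here is the same login query built the vulnerable way and then with a prepared statement, which is the approach recommended today since the mysql_* functions were removed in PHP 7. It assumes a `user_table` with `username` and `password` columns, a stored password_hash() value rather than plaintext, and uses an in-memory SQLite database with constructed sample data in place of MySQL.

```php
<?php
// Added example, not from the original post. Assumes `user_table` has
// columns `username` and `password`, with `password` holding a
// password_hash() value rather than plaintext.

// 1. Vulnerable: string concatenation, the shape the post describes.
//    A quote in $pwd closes the literal and the rest becomes SQL.
function vulnerable_query(string $usr, string $pwd): string
{
    return "SELECT * FROM `user_table` WHERE username='$usr' AND password='$pwd'";
}

// 2. Hardened: a prepared statement keeps user input as data. The value is
//    bound to the placeholder, never spliced into the SQL text, so the
//    string ' OR username LIKE '% is compared literally against the column.
function login(PDO $db, string $usr, string $pwd): bool
{
    $stmt = $db->prepare(
        'SELECT password FROM `user_table` WHERE username = :username LIMIT 1'
    );
    $stmt->execute([':username' => $usr]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;   // unknown user: zero rows, never "all rows"
    }
    // Compare against the stored hash, not a plaintext column.
    return password_verify($pwd, $row['password']);
}

// Demonstration with constructed sample data in an in-memory SQLite
// database standing in for MySQL (SQLite also accepts backtick quoting).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_table (username TEXT, password TEXT)');
$db->prepare('INSERT INTO user_table VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

$payload = "' OR username LIKE '%";
echo vulnerable_query('', $payload), "\n";      // the mangled SQL from the post
var_dump(login($db, '', $payload));             // rejected
var_dump(login($db, 'alice', 'correct horse')); // accepted
```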