Almost every website nowsadays will have some sort of a login system. If you decide to write a login script yourself in PHP, this article will provide some important pointers on the security of the script you are writing. This article will talk on a common login hacking technique known as The SQL Injection Attack. This is not new in the programmer’s world but worth taking note especially when you are new to programming.There are hackers everywhere, so beware! | |
 | |
When the user submits a form consisting of the username and password, all the variables will be store in the $_POST array after submitting. You can get the values of the array easily using:
$usr = $_POST[‘username’]; Where “username” and “password” are the names of the textfields in your form. How do you deal with these values? SELECT * FROM `user_table` where username=’$usr’ AND password=’$pwd’ Re-looking at the SQL statement, if someone leaves username empty and writes “ ‘ OR username LIKE ‘%” in the password field, then your whole SQL statement becomes: SELECT * FROM `user_table` where username=’ ‘ AND password=’ ‘ OR username LIKE ‘ % ‘ This statement means selecting all the records in the table. If your criteria of letting the user proceed is that the return number of records is more than 0 (at least one user found), then this SQL statement will return all records, meaning that the user will be able to slip pass through the verification process. This type of hacking is famously known as The SQL injection attacks. One good way to prevent this from happening is to make sure the $_POST array is safe from escape strings such as ‘ and “. You can filter your $_POST array using $usr = mysql_real_escape_string($_POST[‘username’]); There are of course other ways to do it but the idea is to let you know that you have to be very careful in handling the data retrieved from forms, epecially more so for usernames and passwords. |