Security in PHP web pages

One concern that must be present in all Web developers is the security of their products.

In this article we start a series of articles which will explore some basic security issues related to injecting SQL statements into web forms or URL parameters.

Examples of code with security issues and how to avoid them are presented.

So let's start with a simple login form implemented with the following code:

In this example, the code checks to see if more than one database record has been returned, thereby assuming that the credentials provided are correct.

The biggest mistake involves concatenating the values received from the form with the SQL statement, thus allowing the user to manipulate the instruction to his or her own pleasure.

Regardless of the user name entered, simply type in the password the following text if you choose to indicate that the login has been successfully completed: o' or 1=1 #

With this text the SQL statement will always return a record because 1 equals 1. The # at the end lets you ignore the rest of the statement as it is the symbol for comments in MySQL.

The solution to this problem is to use parameters, preparing the statement before executing it. So the following code resolves this problem:

Comentários

Mensagens populares deste blogue

New Unity 3D Project

Today I will present a new project that I started. From the post about the car I am building a game with cars, or transportation. The idea is very simple: the player starts with a car and a mission, when he is done with the mission he gets some cash that can be spent buying a new vehicle. Here are some pics: - the car in Unity - the car in Blender - working in the texture - looks great - a wheel - the texture in Gimp - back in Unity testing different materials like water - and code

Ler mais

Let's make a car in Unity 3D

In this post we will make a simple car in Unity 3D. The Unity 3D physics engine is used in order to give the car a real behavior. This are the steps: [1] - Create a new Project

Ler mais

Single Page App with C# WPF/XAML

In this post we are going to create a single page app. The app will have multiple pages that get rendered in the main window. We will be using Visual Studio, C#, WPF and XAML. Let's start by creating a new project in Visual Studio of this type: Next, in the MainWindow, we define the interface structure. On the left side we place a menu and on the right side a DockPanel with a Frame in it. The Frame is the element that is used to render de pages content. Now let's add the new pages. In this example I will add two pages. Click in the Solution Explorer with the mouse right button, then choose Add and Page. The project looks like this. The app content goes on the recently create pages. Because this is just an example I will just change the background color and add a small text. Page1 Page2 Finally the code. Back to the MainWindow we need to create the click events on the menu items. So, in the MenuItem line add the click event and pick New Event Handler. If that option doesn't...

Ler mais

Code Made Simple

Pesquisar neste blogue