Blocking Web Attacks – Part 1 (Covers Basic SQL Injection Prevention)

Reading Time: 2  min

In series of Blocking Web Application Attack I will try to uncover different types of web application attack surfaces and how we can test and fix them to prevent future attacks.

SQL Injection:

Let’s say we have one Login mechanism, I will explain you how one can bypass login mechanism with use of some basic SQL injection techniques.

Example Code for Login.html

Example Code for login.php

One can easily bypass this login mechanism by entering/ tempering data for password field with ‘ or ‘1=1. This will eventually execute statement as password = ‘’or ‘1=1’’;

More over user can delete database by entering or tempering data with ‘ DROP table database ; —

How can I prevent my application from SQL Injection attacks?

You can use mysql_real_escape_string(), This PHP function will escapes some special characters in a string for use in an SQL statement. This will affect following characters.

  1. \x00
  2. \n
  3. \r
  4. \
  5. \x1a

Example code after using mysql_real_escape_string()

In next post we will look at some more type of SQL Injections & How to Prevent Your application from SQL Injection?

Stay Updated
Please enable JavaScript in your browser to complete this form.
LinkedIn
Share
Copy link
URL has been copied successfully!

Other stories you may enjoy...

The Internet: Then and Now

It has been a big week in tech. Not only did we have the Google I/O keynote yesterday (last week’s blog covered that in more detail), but also Kleiner Perkins Caufield &...

Is Your Healthcare App Safe Enough? Are You Sure?

Seemingly, every company from sporting goods manufacturers to medical insurance providers to smartphone makers are getting into the heathcare app game.   Healthcare apps are...

Apexon Powered Mobile Testing

Mobility is the ‘new normal’ now. It has been largely adopted by enterprises across all domains - banks, hospitals, hotels, retail and travel chains. Enterprises have matured...