Basic SQL Injection Exploit with PHP

Here is an example of a basic login function which is taught in a lot of PHP tutorials. The purpose of this code is to prevent someone from viewing a web page unless they provide a valid username/password in a form. The username/password is stored in a MySQL database.

$username = $_POST["username"];
$password = $_POST["password"];$query = "SELECT * FROM users WHERE Username = '" . $username . "' AND Password = '" . $password . "'";
$result = mysql_query($query);
$validated = false;
while ($rs = mysql_fetch_array($result))
{ $validated = true; }

If a programmer does not do any input validation and uses the very basic username/password authentication example shown above, the following SQL code placed in the “password” field of a web application using code like this will usually give you access to the protected area:

foo' OR 'a'='a

The presence of this vulnerability in the code may allow a malicious
person to execute other SQL commands such as editing or deleting the
data in your database.

Shadow of hand over keybaord

PHP – Code to Display Request and Post Variables

Sometimes while debugging a PHP application it is handy to display request and post variables. Here is the code that will do that:

foreach($_POST as $var=>$val)
{
 echo "$var=$val";
}

Replace POST with SESSION and it’ll work for the session variables. You can do the same with GET, but probably don’t need it.