PHP and Website Security

Avoiding SQL Injection Attacks

SQL Injection, which I mostly call the "squealee", is one of the most famous security vulnerabilities, yet most webmasters are still not aware of it. The topic of SQL Injection is far too broad, and I would only bore you if I tried to walk through every attack vector. I admit that I am not an expert in this kind of attack. If things get way too ridiculous, blame shipcode for making me blog about this (lol).

Here are my n00bish tips on how to prevent SQL Injection:

1. Apply mysql_real_escape_string to every value you splice into a hand-built query

This function backslash-escapes the characters \x00, \n, \r, \, ', " and \x1a, taking the character set of the current connection into account. That is enough to defeat the classic probe news.php?id=1' as long as the value sits inside quotes in the query. It does not make your application secure on its own. It does nothing for a value placed in an unquoted numeric context (WHERE id = $id hit with id=1 OR 1=1 contains no quote to escape), it only behaves correctly when the connection character set has been set with mysql_set_charset rather than with a SET NAMES query, and the whole mysql extension, this function included, has been removed since PHP 7.0; mysqli_real_escape_string and PDO::quote are the replacements if you still build SQL strings by hand.

2. Never display errors on a deployed site!

Yes, we know you all just want to be user friendly. But displaying errors on the deployed site hands the attacker exactly the information he wants: table and column names, the shape of your query, and the database version, all of which turn a blind probe into a targeted one. Set display_errors = Off and log_errors = On in php.ini, read the details from the server log yourself, and give the visitor a generic message. Otherwise you are telling the Cookie Monster where you hid the cookies.

3. Use clean URLs, for gawd's sake!

Ever used the famous CodeIgniter? Have you seen its URL segments? A URL like /news/id/1 carries no visible parameter name for a search-engine dork to latch onto, which gives you two advantages: search-engine-friendly links, and fewer hits from the common dorks. Do not mistake that for protection, though. The segment is still attacker-controlled input; /news/id/1' reaches the same code as news.php?id=1', so it needs exactly the same handling as a query-string value. Clean URLs hide the target, they do not defend it.

4. Use prepared statements and stored procedures.

These techniques, usually called parameterized queries, are the best defence against SQL Injection. The query text is sent to the database with placeholders where the values will go and is compiled first; the values are bound afterwards, so they are handled strictly as data and can never change the structure of the statement, whether or not they contain quotes. Stored procedures give the same guarantee only if they do not themselves build dynamic SQL from their arguments.
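Here is how tips 1, 2 and 4 look side by side in code. This is an added example, not code from the original post. It uses an in-memory SQLite database through PDO as a stand-in for MySQL so that it runs without a server (it assumes the pdo_sqlite extension is available), a constructed news table with two rows, and an escape() helper that follows SQLite's quote-doubling rule in place of mysql_real_escape_string, which backslash-escapes instead; the lesson about the unquoted numeric context is the same in both dialects.

```php
<?php
// Added example, not from the original post. In-memory SQLite via PDO stands in
// for MySQL; the "news" table and its rows are constructed for the demo.
declare(strict_types=1);

ini_set('display_errors', '0');   // tip 2: engine errors never reach the client...
ini_set('log_errors', '1');       // ...but are still written to the server log
error_reporting(E_ALL);

$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO news VALUES (1, 'Public post'), (2, 'Unpublished draft')");

/** Stand-in for mysql_real_escape_string(): SQLite escapes a quote by doubling it
 *  (MySQL backslash-escapes \0 \n \r \ ' " \x1a instead). */
function escape(string $s): string
{
    return str_replace("'", "''", $s);
}

/** Tip 1 done wrong: escaped, but the value lands in an UNQUOTED numeric context. */
function unquotedEscaped(PDO $pdo, string $id): array
{
    $sql = 'SELECT id, title FROM news WHERE id = ' . escape($id);
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

/** Tip 1 done right: escaped AND quoted, so a quote-based payload stays a string. */
function quotedEscaped(PDO $pdo, string $id): array
{
    $sql = "SELECT id, title FROM news WHERE id = '" . escape($id) . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

/** Tip 4: the statement is compiled with a placeholder and the value is bound
 *  afterwards, so it can never alter the query's structure, quotes or not. */
function prepared(PDO $pdo, string $id): array
{
    $stmt = $pdo->prepare('SELECT id, title FROM news WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/** Tip 2: log the real error for yourself, show the user nothing useful. */
function safe(callable $fn, PDO $pdo, string $id): string
{
    try {
        return json_encode($fn($pdo, $id));
    } catch (PDOException $e) {
        error_log('news lookup failed: ' . $e->getMessage()); // server log only
        return 'Sorry, something went wrong.';                  // what the client sees
    }
}

$payloads = [
    '1',             // the honest request: one row from every variant
    '1 OR 1=1',      // no quote to escape; the unquoted variant returns BOTH rows
    "1' OR '1'='1",  // classic quote payload; unquoted variant errors, others return []
    "1'",            // the news.php?id=1' probe from the post
];

foreach ($payloads as $p) {
    printf("%-16s unquoted+escaped: %s\n", $p, safe('unquotedEscaped', $pdo, $p));
    printf("%-16s quoted+escaped:   %s\n", $p, safe('quotedEscaped', $pdo, $p));
    printf("%-16s prepared:         %s\n\n", $p, safe('prepared', $pdo, $p));
}
```

Run it from the command line with php and compare the three columns for the second payload: escaping changes nothing about 1 OR 1=1, so the unquoted variant leaks the unpublished row, while the prepared statement treats the whole string as one value and matches nothing. The fourth payload shows tip 2 at work: the broken query raises a PDOException whose message goes to the log, and the client only ever sees the generic line.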

There are many other vulnerabilities besides SQL Injection. This kind of attack is old news in my opinion, but it still does great damage to a web application. Imagine dropping all the tables of a loan office just because they didn't lend you money because you looked like a dipshit when you walked in.

I'll be extending this one, or rather post a part 2, if I come up with other tips. If you have one, post it below, and feel free to criticize my post.

One Comment

    // secure Get/Post method
    // Note: mysql_real_escape_string() needs an open mysql connection when called.
    function GET($key)
    {
        // decode HTML special characters after stripping slashes, then blacklist "script"
        $_GET[$key] = htmlspecialchars(stripslashes($_GET[$key]));
        $_GET[$key] = str_ireplace("script", "blocked", $_GET[$key]);
        // finally escape for the MySQL query
        $_GET[$key] = mysql_real_escape_string($_GET[$key]);
        return $_GET[$key];
    }

    function POST($key)
    {
        $_POST[$key] = htmlspecialchars(stripslashes($_POST[$key]));
        $_POST[$key] = str_ireplace("script", "blocked", $_POST[$key]);
        $_POST[$key] = mysql_real_escape_string($_POST[$key]);
        return $_POST[$key];
    }

    $get_var1 = GET("var1");

