What is SQL Injection? and how to prevent

SQL Injection

It is a security attack that is common in database systems that use SQL (Structured Query Language) as the language for database management. This attack occurs when an attacker injects malicious SQL code into user input fields, such as form fields or URLs, to improperly access or modify data in a database.

SQL Injection ranks #3 in the 2021 OWASP Top 10, a list of the most common and important security vulnerabilities for web applications by the Open Web Application Security Project (OWASP). This is updated every time. over several years to reflect changing cyber threats

SQL injection attacks are ranked as the #3 threat, demonstrating the importance and prevalence of this issue in terms of web application security. Properly dealing with injection attacks is essential to securing information systems and preventing unwanted access

How to attack SQL Injection

SQL Injection attacks can be done in many different ways, but there are two most common ones:

• Inserting values ​​directly into the input field
• Editing URL to add SQL statement

Example of a SQL Injection attack

Suppose there is a web application that allows users to log in, with PHP code

<?php
$username = $_POST['username'];
$password = $_POST['password'];

$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$result = mysqli_query($conn, $query);

if (mysqli_num_rows($result) > 0) {
    echo "Login successful!";
} else {
    echo "Invalid username or password.";
}
?>

This code is vulnerable because inserting user values ​​directly into SQL statements can cause SQL injection

SQL Injection Attacks

Hackers can insert malicious values ​​into data fields like this

• Username field ' OR '1'='1
• password field ' OR '1'='1

This makes the SQL statement look like this

SELECT * FROM users WHERE username='' OR '1'='1' AND password='' OR '1'='1'

Because '1'='1' is a condition that is always true. This command returns information for every user in the database. This allows hackers to log in without using a real password

How to prevent SQL Injection

There are many ways to prevent SQL Injection such as

• Using Prepared Statements
• Using Stored Procedures
• Filtering and validating input data. ## Example of using Prepared Statements in PHP

<?php
$stmt = $conn->prepare("SELECT * FROM users WHERE username=? AND password=?");
$stmt->bind_param("ss", $username, $password);

$username = $_POST['username'];
$password = $_POST['password'];

$stmt->execute();
$result = $stmt->get_result();

if ($result->num_rows > 0) {
    echo "Login successful!";
} else {
    echo "Invalid username or password.";
}
?>

In this example, the SQL statement is prepared in advance, and the $username and $password values ​​are inserted into the statement later. This makes it impossible to inject malicious SQL code

summarize

SQL Injection is a serious threat. But this can be prevented by writing secure code, such as using Prepared Statements and validating input. Good protection doesn't just help keep your data safe. But it also helps maintain the reliability of the system.

The above is the detailed content of What is SQL Injection? and how to prevent. For more information, please follow other related articles on the PHP Chinese website!