Problem
When building a system that works with a database, this is the biggest concern you should have about the data received from the user. For example, take a login form where the user submits an email and a password:
<form method="POST">
Email: <input type="text" name="login" /><br />
Password: <input type="password" name="senha" /><br />
<input type="submit" value="Login" />
</form>
And in PHP you get the data this way:
<?php
// Vulnerable: the raw form values are placed straight into the SQL text
$login = $_POST["login"];
$senha = $_POST["senha"];
$query = "SELECT * FROM usuarios WHERE login = '{$login}' AND senha = '{$senha}'";
?>
A malicious user wanting to break into your system can simply type ' OR 1 = '1
into both fields, so that the query actually executed becomes:
SELECT * FROM usuarios WHERE login = '' OR 1 = '1' AND senha = '' OR 1 = '1'
This makes the query return the first user it finds, and the attacker enters the system unnoticed.
Solution
To avoid this common problem (and believe me, it is really easy to find systems with this kind of flaw), a good and simple practice is to receive the form data this way:
<?php
// addslashes() puts a backslash before every quote, backslash and NUL in the input
$login = addslashes($_POST["login"]);
$senha = addslashes($_POST["senha"]);
$query = "SELECT * FROM usuarios WHERE login = '{$login}' AND senha = '{$senha}'";
?>
Now a user who fills in the fields with ' OR 1 = '1
would actually be executing this query:
SELECT * FROM usuarios WHERE login = '\' OR 1 = \'1' AND senha = '\' OR 1 = \'1'
which the database interprets as "get all user data whose login is equal to ' OR 1 = '1 and whose password is equal to ' OR 1 = '1", escaping the attack on the database.
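One thing worth checking before relying on addslashes() is that it is not database-aware: it only works if the database treats a backslash as an escape character inside string literals. MySQL does by default, but SQLite, PostgreSQL, and MySQL running in NO_BASLASH_ESCAPES mode do not, so the "escaped" query is rejected or, worse, misparsed. A prepared statement sends the values separately from the SQL text and is safe on every driver. The script below is an added example, not code from the original post: it runs the login query three ways (concatenated, addslashes(), prepared) against an in-memory SQLite table so it works offline. The table, the user, and the hostile input are constructed for the demo; the input is written as ' OR '1' = '1 because SQLite, unlike MySQL, does not treat 1 = '1' as true.

```php
<?php
// Added example (not from the original post). Needs PHP with the pdo_sqlite
// extension. Table, user and inputs below are constructed for the demo.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE usuarios (id INTEGER PRIMARY KEY, login TEXT, senha TEXT)');
// Plaintext password only to mirror the post's query; real systems store a hash.
$pdo->exec("INSERT INTO usuarios (login, senha) VALUES ('alice', 'correct-password')");

// Hostile input in both fields. Quotes around both 1s because SQLite, unlike
// MySQL, does not consider 1 = '1' true; the effect on the query is the same.
$login = "' OR '1' = '1";
$senha = "' OR '1' = '1";

// 1. Concatenation, as in the vulnerable snippet: the input becomes SQL.
$sql = "SELECT * FROM usuarios WHERE login = '{$login}' AND senha = '{$senha}'";
echo "concatenated SQL: $sql\n";
$rows = $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
echo "  -> " . count($rows) . " row(s); logged in as "
   . ($rows[0]['login'] ?? 'nobody') . "\n";

// 2. addslashes(), as in the fix: the quotes are neutralised only if the
//    database reads a backslash as an escape. SQLite does not, so this query
//    is rejected as a syntax error ("unrecognized token") instead of running.
$sql = "SELECT * FROM usuarios WHERE login = '" . addslashes($login)
     . "' AND senha = '" . addslashes($senha) . "'";
echo "addslashes SQL:   $sql\n";
try {
    $rows = $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
    echo "  -> " . count($rows) . " row(s)\n";
} catch (PDOException $e) {
    echo "  -> query rejected by SQLite: " . $e->getMessage() . "\n";
}

// 3. Prepared statement: the values are bound separately from the SQL text,
//    so they can never change the structure of the query on any driver.
function findUser(PDO $pdo, string $login, string $senha): ?array
{
    $stmt = $pdo->prepare('SELECT * FROM usuarios WHERE login = :login AND senha = :senha');
    $stmt->execute([':login' => $login, ':senha' => $senha]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

echo "prepared, hostile input: "
   . (findUser($pdo, $login, $senha) ? 'logged in' : 'rejected') . "\n";
echo "prepared, real password: "
   . (findUser($pdo, 'alice', 'correct-password') ? 'logged in' : 'rejected') . "\n";
```

Run it with the php CLI: the concatenated query logs in as alice without her password, the addslashes() query is rejected by SQLite because the backslashes are not escapes there (on MySQL it would run and return nothing), and the prepared statement rejects the hostile input while still accepting the real credentials.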